<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hi,<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">please follow steps as described in BZ:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with &#39;.conf&#39; suffix) with following content:<br><br>  ENGINE_HTTPS_PKI_TRUST_STORE=&quot;&lt;full path to your java keystore&gt;&quot;<br>  ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=&quot;&lt;password to your java keystore&gt;&quot;<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">2. Restart the engine<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If the above doesn&#39;t work please attach server.log/engine.log<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Thanks<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Martin Perina<br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 3, 2016 at 2:49 PM, Fabrice Bacchella <span dir="ltr">&lt;<a href="mailto:fabrice.bacchella@icloud.com" target="_blank">fabrice.bacchella@icloud.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Indeed, the certificate for the web interface is not coming from ovirt&#39;s internal PKI, but from our own internal one.<br>
<br>
I have a custom trust store not located in /etc/pki/java/cacerts, I did try to add ENGINE_PROPERTIES=&quot;${ENGINE_PROPERTIES} javax.net.ssl.trustStore=.../allmyca.jks javax.net.ssl.trustStorePassword=&#39;&#39;&quot; in a file in /etc/ovirt-engine/engine.conf.d but it didn&#39;t help.<br>
<br>
Can I add them in /etc/pki/ovirt-engine/.truststore ?<br>
&gt;<br>
&gt; Le 3 août 2016 à 13:22, Martin Perina &lt;<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>&gt; a écrit :<br>
&gt;<br>
&gt; Hi,<br>
&gt;<br>
&gt; are you using HTTPS certificate signed by external CA? If so please follow steps described in Doc Text of<br>
&gt;<br>
&gt; <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1336838" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1336838</a><br>
&gt;<br>
&gt; Thanks<br>
&gt;<br>
&gt; Martin Perina<br>
&gt;<br>
&gt;<br>
&gt; On Wed, Aug 3, 2016 at 1:18 PM, Fabrice Bacchella &lt;<a href="mailto:fabrice.bacchella@icloud.com">fabrice.bacchella@icloud.com</a>&gt; wrote:<br>
&gt; After the upgrad, I&#39;m unable to log in, I&#39;m getting the following error:<br>
&gt;<br>
&gt;  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path<br>
&gt;  to requested target<br>
&gt;<br>
&gt;<br>
&gt; Where should I look to correct that ?<br>
&gt; _______________________________________________<br>
&gt; Users mailing list<br>
&gt; <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
&gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
&gt;<br>
<br>
</blockquote></div><br></div>