<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hi,<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">please follow the steps as described in the BZ:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose a different filename, but it has to end with the '.conf' suffix) with the following content:<br><br> ENGINE_HTTPS_PKI_TRUST_STORE="&lt;full path to your java keystore&gt;"<br> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="&lt;password to your java keystore&gt;"<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">2. Restart the engine<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If the above doesn't work, please attach server.log/engine.log<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Thanks<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Martin Perina<br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 3, 2016 at 2:49 PM, Fabrice Bacchella <span dir="ltr">&lt;<a href="mailto:fabrice.bacchella@icloud.com" target="_blank">fabrice.bacchella@icloud.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Indeed, the certificate for the web interface is not coming from ovirt's internal PKI, but from our own internal one.<br>
<br>
I have a custom trust store not located in /etc/pki/java/cacerts, I did try to add ENGINE_PROPERTIES="${ENGINE_PROPERTIES} javax.net.ssl.trustStore=.../allmyca.jks javax.net.ssl.trustStorePassword=''" in a file in /etc/ovirt-engine/engine.conf.d but it didn't help.<br>
<br>
Can I add them in /etc/pki/ovirt-engine/.truststore ?<br>
><br>
> On 3 Aug 2016, at 13:22, Martin Perina &lt;<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>&gt; wrote:<br>
><br>
> Hi,<br>
><br>
> are you using an HTTPS certificate signed by an external CA? If so, please follow the steps described in the Doc Text of<br>
><br>
> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1336838" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1336838</a><br>
><br>
> Thanks<br>
><br>
> Martin Perina<br>
><br>
><br>
> On Wed, Aug 3, 2016 at 1:18 PM, Fabrice Bacchella &lt;<a href="mailto:fabrice.bacchella@icloud.com">fabrice.bacchella@icloud.com</a>&gt; wrote:<br>
> After the upgrade, I'm unable to log in, I'm getting the following error:<br>
><br>
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path<br>
> to requested target<br>
><br>
><br>
> Where should I look to correct that ?<br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
><br>
<br>
</blockquote></div><br></div>
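The two steps from the reply above, as an added shell example that is not part of the thread or of oVirt's own tooling. The helper names `write_truststore_conf` and `list_truststore_cas` are hypothetical; the first enforces the '.conf' suffix and full-path requirements before writing the drop-in, the second lists the keystore with keytool so you can confirm that your internal CA is in it.

```shell
# Added example; function names are hypothetical, not oVirt commands.

# write_truststore_conf KEYSTORE PASSWORD [CONF_DIR] [FILE_NAME]
# Writes the step-1 drop-in and prints its path. CONF_DIR defaults to the
# directory named in the reply; pass another directory for a dry run.
write_truststore_conf() {
    ks=$1
    pw=$2
    dir=${3:-/etc/ovirt-engine/engine.conf.d}
    name=${4:-99-custom-truststore.conf}

    # The reply requires a '.conf' suffix and a full path to the keystore.
    case $name in *.conf) ;; *) echo "file name must end in .conf" >&2; return 2 ;; esac
    case $ks in /*) ;; *) echo "keystore path must be absolute" >&2; return 2 ;; esac
    [ -r "$ks" ] || { echo "cannot read keystore: $ks" >&2; return 3; }

    # Both values are written inside double quotes, so refuse characters that
    # would end or alter the quoted string rather than guess at escaping.
    case $ks$pw in
        *\"*|*\\*|*\$*|*\`*)
            echo "unsupported character in path or password" >&2; return 4 ;;
    esac

    # The file holds the keystore password in clear text: limit read access,
    # while keeping it readable by the account the engine runs as
    # (that account is not stated in the thread).
    printf 'ENGINE_HTTPS_PKI_TRUST_STORE="%s"\nENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="%s"\n' \
        "$ks" "$pw" > "$dir/$name" || return 5
    echo "$dir/$name"
}

# list_truststore_cas KEYSTORE PASSWORD
# Lists the keystore entries. The password is handed to keytool through an
# environment variable so it does not show up in the process list.
list_truststore_cas() {
    command -v keytool >/dev/null || { echo "keytool not found" >&2; return 127; }
    STOREPASS=$2 keytool -list -keystore "$1" -storepass:env STOREPASS
}

# Step 2 is then a restart of the engine, e.g. on a systemd host:
#   systemctl restart ovirt-engine
```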