On Tue, May 17, 2022 at 7:36 PM Sharon Gratch <sgratch(a)redhat.com> wrote:
Hi,
On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez <angel.gonzalez(a)uam.es>
wrote:
> Hello,
>
> I've a issue when I try log in ovirt-engine manager with a browser. The
> error message is:
>
> PKIX path validation failed:
> java.security.cert.CertPathValidatorException: validity check failed
>
> The ovirt version is 4.4.5.11-1.
>
> I follow the next commands for try resolve it.
>
>
> > # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date
"+%Y%m%d")"
> > # SUBJECT="$(openssl x509 -subject -noout -in
> > /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')"
> > # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache
> > --password="PASSWORD" --subject="${SUBJECT}"
> > # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in
> > /etc/pki/ovirt-engine/keys/apache.p12 >
> > /etc/pki/ovirt-engine/certs/apache.cer
> > # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in
> > /etc/pki/ovirt-engine/keys/apache.p12 >
> > /etc/pki/ovirt-engine/keys/apache.key.nopass
> > # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
> > # systemctl restart ovirt-engine.service
> But after restarting the issue is the same.
>
> Any idea?
>
Maybe try to restart the apache HTTP Server as well:
*systemctl restart httpd*
If it still doesn't work then please share the errors within the engine
log /var/log/ovirt-engine/engine.log
Thanks,
Sharon
Otherwise you can run
engine-setup --offline
(it will not change anything on current config and will not try to update
any package)
between the answers to give it will notice that your certificate is expired
and you have to answer yes to the question to renew it
After that you should be able to access the engine again
HIH,
Gianluca