I have solved my issue. I had to manually add the updated ca.pem and
certs/engine.cer to /etc/pki/java/cacerts using keytool. Now I will work on
getting the new certs to the hypervisors and then follow the enroll
certificate process.
Thanks
Don
On Thu, Jun 16, 2022 at 9:27 AM Nathanaël Blanchet <blanchet(a)abes.fr> wrote:
Hello Don,
I'm sorry not to be able to help you... I was just happy that a simple
4.4 procedure was available when I needed it last month...
There has been no community support for the 4.2 branch for a long time,
that's why the best upgrade strategy is to regularly upgrade on the upstream
product.
Nevertheless, I'm sure the embedded procedure to renew engine certs in
"engine-setup --offline" should be nearly the same as the one to renew a
4.2 engine.
May a Red Hat guy help you on the way to follow...
Good luck.
On 16/06/2022 at 15:25, Don Dupuis wrote:
Nathanaël,
Do you have a procedure that works on oVirt 4.2.x? engine-setup
--offline doesn't seem to work for me, as the Admin Portal fails with an
"unable to find valid certification path" message. I have posted about this
twice this week with no response from anyone. My engine and 32 hypervisors
have expired certificates.
Thanks
Don
On Thu, Jun 16, 2022 at 7:51 AM Nathanaël Blanchet <blanchet(a)abes.fr>
wrote:
> Hello,
>
> If you refer to:
>
> 1. engine apache certificate expiration ("PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:") when accessing
> the oVirt console.
> => engine-setup --offline
> 2. hosts certificate expiration?
> => https://access.redhat.com/solutions/3532921
> I also wrote a playbook to do so there:
> https://galaxy.ansible.com/natman/ovirt_renew_certs
> In this case, don't forget to renew the certificate with the UI (in
> maintenance) when the host is responding, otherwise you may encounter issues with
> console or live migration or other SSL related stuff.
>
> tested and approved.
> On 16/06/2022 at 12:34, Marko Vrgotic wrote:
>
> Dear oVirt,
>
> The oVirt SSL certificates were changed to one-year renewal and we have a
> problem now.
>
> We are running 4.4.x version with SHE on local storage cluster and we
> have four more local storage clusters.
>
> On the cluster running SHE, the engine and host certificates have
> expired. We found the procedure for renewal prior to expiration, but we do
> not have a manual one, required once certificates have expired.
>
> Would you be so kind to share the manual or steps needed to fix our oVirt
> setup.
>
> Thank you in advance.
>
> -----
>
> kind regards
>
> Marko Vrgotic
> Sr. System Engineer @ System Administration
>
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5LOTLSGBZQA...
>
> --
> Nathanaël Blanchet
>
> Network supervision
> SIRE
> 227 avenue Professeur-Jean-Louis-Viala
> 34193 MONTPELLIER CEDEX 5
> Tel. 33 (0)4 67 54 84 55
> Fax 33 (0)4 67 54 84 14
> blanchet(a)abes.fr