[ovirt-users] PKIX path error

Greetings, I have a running oVirt install that's been working for almost 2 years. I'm building a _completely_ new install. I mention it because it is useful for me to compare configurations when I run into issues like this one. Right now there are three physical hosts: 1x management where I run the engine and db 2x hypervisor nodes. I had it up and installed and running smooth this morning on 4.3.9.4-1.el7 on Scientific Linux 7.8 (fully patched). I copied over our 3rd party certs from the running system and restarted httpd. Perfect. SSL is running! /etc/pki/ovirt-engine/apache-ca.pem /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/keys/apache.key.nopass Next I used ovirt-engine-extension-aaa-ldap-setup to point to our ldap server. I did the login and search test and both passed on the command line! Horray! Then I went to the web interface... sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I'm digging through logs and I don't see anything close to this error except nearly the identical message in engine.log. ERROR [org.ovirt.engine.core.aaa.servlet.SslPostLoginServlet] (default task-2) [] server_error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I can't log in via the web at all, I only get that message (so I can't even test out the local admin). The aaa ldap configuration it generated is darn near perfectly identical (just a name change). The certs are the same. Even when I look in the keystore, the sha1 hashes are the same between the two environments! After over an hour poking at this, I'm completely stumped. Can someone please give me a pointer on what I should try next? Thanks! ~Stack~