Can you check
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html
just in case you missed a step ?
Best Regards,
Strahil Nikolov
На 27 май 2020 г. 23:10:53 GMT+03:00, Stack Korora <stackkorora(a)disroot.org>
написа:
>Greetings,
>I have a running oVirt install that's been working for almost 2 years.
>I'm building a _completely_ new install. I mention it because it is
>useful for me to compare configurations when I run into issues like
>this
>one.
>
>Right now there are three physical hosts:
>1x management where I run the engine and db
>2x hypervisor nodes.
>
>I had it up and installed and running smooth this morning on
>4.3.9.4-1.el7 on Scientific Linux 7.8 (fully patched).
>
>I copied over our 3rd party certs from the running system and restarted
>httpd. Perfect. SSL is running!
>/etc/pki/ovirt-engine/apache-ca.pem
>/etc/pki/ovirt-engine/certs/apache.cer
>/etc/pki/ovirt-engine/keys/apache.key.nopass
>
>Next I used ovirt-engine-extension-aaa-ldap-setup to point to our ldap
>server. I did the login and search test and both passed on the command
>line! Horray!
>
>Then I went to the web interface...
>
>sun.security.validator.ValidatorException: PKIX path building failed:
>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>find valid certification path to requested target
>
>I'm digging through logs and I don't see anything close to this error
>except nearly the identical message in engine.log.
>
>ERROR [org.ovirt.engine.core.aaa.servlet.SslPostLoginServlet] (default
>task-2) [] server_error: sun.security.validator.ValidatorException:
>PKIX
>path building failed:
>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>find valid certification path to requested target
>
>I can't log in via the web at all, I only get that message (so I can't
>even test out the local admin). The aaa ldap configuration it generated
>is darn near perfectly identical (just a name change). The certs are
>the
>same. Even when I look in the keystore, the sha1 hashes are the same
>between the two environments!
>
>After over an hour poking at this, I'm completely stumped.
>
>Can someone please give me a pointer on what I should try next?
>
>Thanks!
>~Stack~
>_______________________________________________
>Users mailing list -- users(a)ovirt.org
>To unsubscribe send an email to users-leave(a)ovirt.org
>Privacy Statement:
https://www.ovirt.org/privacy-policy.html
>oVirt Code of Conduct:
>https://www.ovirt.org/community/about/community-guidelines/
>List Archives:
>https://lists.ovirt.org/archives/list/users@ovirt.org/message/YOR3ATLII3LYIBEYVOKTEE4RIYZGJR76/