From the web UI there is an option to to regenerate the certificate Compute -> Hosts -> Management -> Maintenance -> Installation -> Enroll certificate
Best Regards,
Strahil Nikolov
Thanks for the prompt response.
Sadly enough as luck would have it, it hit this issues on one of the single-host setups - which cannot go into maintenance.
Soon after sending this email, I managed to find the RHV solution, which got VDSM working again.
However, I cannot seem to get vmconsole working - trying to get spice console connected still uses the old certificates, even though I replaced and verified /etc/pki/vdsm/libvirt-spice/server-cert.pem
$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/server-cert.pem -noout -dates
notBefore=Feb 7 13:59:14 2022 GMT
notAfter=Feb 7 13:59:14 2027 GMT
$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -dates
notBefore=Dec 26 16:25:01 2020 GMT
notAfter=Dec 25 16:25:01 2030 GMT
$ remote-viewer console.vv
...
(remote-viewer:14874): Spice-WARNING **: 18:14:33.500: ../subprojects/spice-common/common/ssl_verify.c:506:openssl
_verify: ssl: subject 'O=localdomain,CN=gilboa-wx-srv.localdomain' verification failed
Any idea what I'm missing?
- Gilboa
On Tue, Feb 8, 2022 at 12:13, Gilboa Davara