I did not but I finally found the issue, what a ride this was..

After updating keys/engine.p12 hosts finally showed up. While there are probably more certs outdated and some parts not working now I can finally do regular enrollments.

I was right all along, the auth cert was causing the problem, I just had to find it. Unfortunately zero docs on engine.p12 so it was all deduction and luck in the end.


On 10/03/2023 11:41, Patrick Chiang wrote:
Hi,

Yes, that is the exact guide I followed.
I can now actually use vdsm-client on each host after cert swap but ovirt-engine still can't establish connection.

I had to manually generate the apache certs to get into the UI console at the beginning and that was successful.

Is there a specific cert that ovirt-engine uses for mTLS handshahe?

Did you also try these?

mgr cert expired https://access.redhat.com/solutions/4780411
host cert expired https://access.redhat.com/solutions/3532921
Another one for host cert expiration https://access.redhat.com/solutions/6215911
manually connect to guest VM  https://access.redhat.com/solutions/3830921

I refer to these to fix my certs. Not sure if you can find the useful info you want?

Patrick