I don't remember to ever seen a question about this during engine-setup, but it could be. In /etc/pki/vdsm/certs/ I can see an old cert and ca with subjet:
[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/cacert.pem.20150205093608 -text' Certificate: Data: Version: 3 (0x2) Serial Number: 1423056193 (0x54d21d41) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=VDSM Certificate Authority Validity Not Before: Feb 4 13:23:13 2015 GMT Not After : Feb 4 13:23:13 2016 GMT Subject: CN=VDSM Certificate Authority Subject Public Key Info:
[CUT]
[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem.20150205093609 -text' Certificate: Data: Version: 3 (0x2) Serial Number: 1423056193 (0x54d21d41) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=VDSM Certificate Authority Validity Not Before: Feb 4 13:23:13 2015 GMT Not After : Feb 4 13:23:13 2016 GMT Subject: CN=ovirt01.hawai.lan, O=VDSM Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption
I think that was certs made during first hosted engine installation. Could it work if I manually create certs like this? Just to start libvirtd, vdsm and hosted-engine. I think it's worth a try. Just create a self-signed CA, a keypair signed by it, and place them correctly, should work.
The engine won't be able to talk with the host, but you can then more easily reinstall/re-enroll-certs.
Good luck, This workaround works! I have hosted engine running!
So I have to find how reinstall/re-enroll-certs on host. From engine UI host status is "NonResponsive" and I can't do nothing....