Hi Konstantin,
I was reading your post and wonder that maybe you could help with a similar issue as well. I also have a problem with certificates and iso/file upload (plus an additional but probably connected noVNC case) but on a Windows 11 box. The thing is that when I run admin portal (this is a hosted-engine setup) from a Linux box, one of the KVM hosts, everything (both upload/noVNC) is working fine, but when run from a Windows box... it doesn't.

On Linux, I just added the ovirt certificate to the browser root trust store.

On Windows, the same setup is not working. It seems that for Chrome and Edge the root trust stores for browsers and the OS itself are the same, for Firefox there is a difference as it has - as I understand - its own root trust store. Either way, after adding certificates to these stores, I can only get the browser not to flag the connection as insecure, but both upload and noVNC are not working. As I have mentioned, this problem occurs only under Windows, not Linux.

I would appreciate any help.

Thanks and best wishes,
Adam

Dnia 13 kwi 2023 18:32 "Volenbovskyi, Konstantin" <Konstantin.Volenbovskyi@haufe.com> napisał(a):

Hi,
I think that you might simply need to restart ovirt-imageio-proxy service because it potentially uses the old certificate/different
from the one used by ovirt-engine service.

And in general I would suggest to troubleshoot that using https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html

You should be able to troubleshoot that using 'curl'/openssl commands: in the way that it relies on system trust of root CAs and trying engine URL
vs. image-proxy URL might reveal more information. This might mean that you ignore browser (and its own store of certificate/trust settings...), but start from point that there is storage of root CAs
and trust exists because HTTPS endpoint provides certificate chain: server certificate plus certificate of sub-CAs (if needed) that is ultimately signed by root CA that trusted by your system.


BR,
Konstantin

Am 13.04.23, 15:14 schrieb "Igor Filipovic" <igor.filipovic@gmx.com <mailto:igor.filipovic@gmx.com>>:


Hi, I'm having a trouble on fresh 4.4.10.7 installation (on oracle linux), I'm not able to upload or download any file using storage domain upload image function. I've imported CA certificate and have tried on several browsers (firefow, chrome,edge), on different computers (and browsers are green - claiming that I'm securely connected), but I'm always getting error regarding CA certificate when I test connection, or when I try to upload ISO image. I've tried to upload ISO image via cli commands (upload_disk.py), and that scenario was successful, however this method It is not very convenient for my co-workers.


I have 5 physical hosts, one is dedicated to run ovirt-engine, and other 4 are kvm hypervisors. When I try to upload ISO this is what engine.log logs:


2023-04-08 11:00:28,339+02 INFO [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-2) [f6b62add-0a0c-45ee-a985-a76171843382] Running command: TransferImageStatusCommand internal: false. Entities affected : ID: 1eb97088-b805-4616-af55-0ac9d1d7dfbe Type: SystemAction group CREATE_DISK with role type USER
2023-04-08 11:00:28,340+02 INFO [org.ovirt.engine.core.bll.storage.disk.image.ImageTransferUpdater] (default task-2) [f6b62add-0a0c-45ee-a985-a76171843382] Updating image transfer a78b18c5-e395-4c29-aa5c-15ffff8a1cb6 (image 4f758325-ac11-4071-a9fa-d180425e8604) phase to Paused by System (message: 'Sent 0MB')
2023-04-08 11:00:28,363+02 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-2) [f6b62add-0a0c-45ee-a985-a76171843382] EVENT_ID: UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable to upload image to disk 4f758325-ac11-4071-a9fa-d180425e8604 due to a network error. Ensure ovirt-engine's CA certificate is registered as a trusted CA in the browser. The certificate can be fetched from https://engine-dr.somedomain/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA <https://engine-dr.somedomain/ovirt-engine/services/pki-resource?resource=ca-certificate&amp;format=X509-PEM-CA>
2023-04-08 11:00:28,363+02 INFO [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-2) [f6b62add-0a0c-45ee-a985-a76171843382] Running command: TransferImageStatusCommand internal: false. Entities affected : ID: 1eb97088-b805-4616-af55-0ac9d1d7dfbe Type: SystemAction group CREATE_DISK with role type USER


Can you please point me in some direction to try to fix this?
Thanks, and best regards
Igor




_______________________________________________
Users mailing list -- users@ovirt.org <mailto:users@ovirt.org>
To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html>
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/>
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org <mailto:users@ovirt.org>/message/GDTIYHKLZ33Q4KV5SXIGXQ23L2KKBA3Y/



_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HGOCARZ7DLVWIJRCOEELY3HO4WHSR3NK/