# openssl x509 -noout -in /etc/pki/vdsm/certs/cacert.pem -fingerprint
# openssl x509 -noout -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -fingerprint
# openssl x509 -noout -in /etc/pki/vdsm/libvirt-vnc/ca-cert.pem -fingerprint
# openssl x509 -noout -in /etc/pki/CA/cacert.pem -fingerprint
Those commands show that the fingerprints are the same.
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/engine.cer
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/apache.cer
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/websocket-proxy.cer
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/jboss.cer
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/imageio-proxy.cer
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
These verification commands come back as OK. I am having trouble finding my problem. Does anyone have any suggestions? I am not finding any hits on Google and unknown_ca.
Also the vdsm log on hypervisors has this:
2022-10-10 15:54:42,843-0500 ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address: ::ffff:192.168.50.26 (sslutils:263)
Thanks
Don
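
The two checks run by hand in the message above (CA fingerprint comparison and `openssl verify`), wrapped as shell functions that report which file disagrees. This is an added example, not part of the original message and not oVirt tooling; the function names are hypothetical and the CAs and host certificate it builds are constructed test data.

```bash
# Added example: function names are hypothetical, not oVirt tooling.

# Print the SHA-256 fingerprint of one PEM certificate.
ca_fingerprint() {
    local out
    out=$(openssl x509 -noout -in "$1" -fingerprint -sha256 2>/dev/null) || return 1
    echo "${out#*=}"
}

# Succeed only if every CA file has the same fingerprint as the first one.
same_ca() {
    local ref fp f
    ref=$(ca_fingerprint "$1") || return 2
    for f in "$@"; do
        fp=$(ca_fingerprint "$f") || return 2
        if [ "$fp" != "$ref" ]; then
            echo "CA mismatch: $f differs from $1" >&2
            return 1
        fi
    done
}

# Verify each certificate against one CA file; exit status = number of failures.
check_chain() {
    local ca bad c
    ca=$1; bad=0; shift
    for c in "$@"; do
        if ! openssl verify -CAfile "$ca" "$c" >/dev/null 2>&1; then
            echo "not signed by $ca: $c" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed test data: two unrelated CAs and one host cert signed by the first.
make_sample_pki() {
    local d n
    d=$1
    for n in ca-a ca-b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    cp "$d/ca-a.pem" "$d/ca-a-copy.pem"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=host1" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca-a.pem" -CAkey "$d/ca-a.key" \
        -CAcreateserial -days 1 -out "$d/host.pem" 2>/dev/null
}
```

The functions take the same paths used in the message, for example `same_ca /etc/pki/vdsm/certs/cacert.pem /etc/pki/CA/cacert.pem`.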