I have an engine with a similar issue.
You might want to revert to the old self signed cert created by
installation, and then follow the instructions at
https://ovirt.org/documentation/administration_guide/index.html
to try re-installing the third party cert after you're sure the original
cert is working properly.
My temp fix for this (didn't survive an engine VM reboot) was to cat the
cert I was installing with its intermediate-root cert into
a file named full.crt and then running a command as root like...
keytool -import -trustcacerts -keystore /etc/pki/java/cacerts -storepass
changeit -alias "$YOURALIAS" -import -file full.crt
and then systemctl restart ovirt-engine #to pick up the change.
Still trying to track down what's different on this one vs others that
work.
key size is larger
cert has alternative name.
On Thu, Sep 30, 2021 at 4:47 PM Nicolás <nicolas(a)devels.es> wrote:
Please, any help with this?
El 29/9/21 a las 13:21, nicolas(a)devels.es escribió:
> Hi,
>
> I'm making a bare metal oVirt installation, version 4.4.8.
> 'ovirt-engine' command ends well, however, we're using a third-party
> certificate (from LetsEncrypt) both for the apache server and the
> ovirt-websocket-proxy. So we changed configuration files regarding
> httpd and ovirt-websocket-proxy.
>
> Once changed the configurations, if I try to log in to the oVirt
> engine, I get a "PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target" error.
>
> In prior versions we used to add the chain to the
> /etc/pki/ovirt-engine/.truststore file, however, simply listing the
> current certificates seems not to be working on 4.4.8.
>
> # LANG=C keytool -list -keystore /etc/pki/ovirt-engine/.truststore
> -alias intermedia_le -storepass mypass
> keytool error: java.io.IOException: Invalid keystore format
>
> Is there something I'm missing here?
>
> Thank
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement:
https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
>
https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5VWVBQGIWJS...
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VKYBE6TJZFM...