[ovirt-users] Re: Standalone Engine restore to Rocky Linux 9

Wouldn't deleting the |.p12| files break the connection to existing oVirt nodes? I think the best approach is to export and re-sign the certificates before creating a backup (on old ovirt-engine). https://access.redhat.com/solutions/5047531 Best regards, Pavel On 22. 4. 25 13:12, Jean-Louis Dupond via Users wrote: > You should be able to just do: rm -f /etc/pki/ovirt-engine/keys/*.p12 > And then rerun engine-setup. > > On 4/22/25 12:51, KSNull Zero wrote: >> Hello! >> There are a lot of errors regarding legacy cipher while restoring >> engine backup to RL9 during our migration to 4.5. >> >> 2025-04-22 08:35:48,773+0300 DEBUG >> otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca >> plugin.execute:923 execute-output: ('/usr/bin/openssl', 'pkcs12', >> '-in', '/etc/pki/ovirt-engine/keys/engine.p12', '-passin', >> 'pass:**FILTERED**', '-nokeys') stderr: >> Error outputting keys and certificates >> 00CE347D1F7F0000:error:0308010C:digital envelope >> routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global >> default library context, Algorithm (RC2-40-CBC : 0), Properties () >> >> RHEL/RL 9 disables the legacy provider for security reasons. >> >> What is the best way to solve this problem ? >> Should i just enable legacy provider in OpenSSL config or re-sign >> all certs with new ciper (where can i find more information about >> this) ? >> Thank you. >> _______________________________________________ >> Users mailing list -- users(a)ovirt.org >> To unsubscribe send an email to users-leave(a)ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZ7FUYQZ3ZE... > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/NIQ463APRAA...