Thanks all but I ended up figuring it out.  I needed to use a "chain" file which included the root and intermediate certs.

Sorry to have wasted your time.

On Tue, 12 Apr 2022 at 18:07, Pavel Bar <pbar@redhat.com> wrote:
Adding Martin Perina & Martin Necas.
Hi @Martin Perina & @Martin Necas :)
Do you know whether 3rd party certificates should work?
And/or what can be the issue with the certificates?

Thank you in advance!

Pavel



On Tue, 12 Apr 2022 at 10:20, Benny Zlotnik <bzlotnik@redhat.com> wrote:
+Pavel Bar

On Mon, Apr 11, 2022 at 1:40 PM Colin Coe <colin.coe@gmail.com> wrote:
>
> Hi all
>
> I'm trying to run ovirt-dr generate but its failing:
> /usr/share/ansible/collections/ansible_collections/redhat/rhv/roles/disaster_recovery/files/ovirt-dr generate
> Log file: '/tmp/ovirt-dr-1649673243333.log'
> [Generate Mapping File] Connection to setup has failed. Please check your credentials:
>  URL: https://server.fqdn/ovirt-engine/api
>  user: admin@internal
>  CA file: ./ca.pem
> [Generate Mapping File] Failed to generate var file.
>
> When I examine the log file:
> 2022-04-11 18:34:03,332 INFO Start generate variable mapping file for oVirt ansible disaster recovery
> 2022-04-11 18:34:03,333 INFO Site address: https://server.fqdn/ovirt-engine/api
> username: admin@internal
> password: *******
> ca file location: ./ca.pem
> output file location: ./disaster_recovery_vars.yml
> ansible play location: ./dr_play.yml
> 2022-04-11 18:34:03,343 ERROR Connection to setup has failed. Please check your credentials:
>  URL: https://server.fqdn/ovirt-engine/api
>  user: admin@internal
>  CA file: ./ca.pem
> 2022-04-11 18:34:03,343 ERROR Error: Error while sending HTTP request: (60, 'SSL certificate problem: unable to get local issuer certificate')
> 2022-04-11 18:34:03,343 ERROR Failed to generate var file.
>
> My suspicion is that the script doesn't like third party certs.
>
> Has anyone got this working with third party certs?  If so, what did you need to do?
>
> Thanks
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/X6WCCPOBXKIC6CIUGWTUMHHUFQPFMY25/