On 10/17/2012 02:36 PM, Neil wrote:
Sorry to repost, anyone got any ideas here?
Thanks!
On Tue, Oct 16, 2012 at 12:27 PM, Neil <nwilson123(a)gmail.com> wrote:
> Hi Juan,
>
> Thank you very much for sending through these details, I'm finally
> getting around to trying to regenerate my certs now, but I'm
> encountering an issue with importing the old CA as per below...
>
> On Fri, Oct 5, 2012 at 5:03 PM, Juan Hernandez <jhernand(a)redhat.com> wrote:
>> 5. Regenerate the keystore used by the engine, importing the old CA
>> certificate and the new engine certificate:
>>
>> rm -f /etc/pki/ovirt-engine/.keystore
>>
>> keytool \
>> -keystore /etc/pki/ovirt-engine/.keystore \
>> -import \
>> -alias cacert \
>> -storepass mypass \
>> -noprompt \
>> -file /etc/pki/ovirt-engine/ca.pem
>
>
> [root@backup ovirt-engine]# rm -f /etc/pki/ovirt-engine/.keystore
> [root@backup ovirt-engine]# keytool \
>> -keystore /etc/pki/ovirt-engine/.keystore \
>> -import \
>> -alias cacert \
>> -storepass mypass \
>> -noprompt \
>> -file /etc/pki/ovirt-engine/ca.pem
> keytool error: java.lang.Exception: Input not an X.509 certificate
The problem is probably that you are using the keytool from a Java 6
installation, and it doesn't support the PEM certificate format. You can
do two things to solve this:
1. Switch to Java 7 using "alternatives --config java". But this could
have adverse effects in other Java programs that you may be using. Note
that the oVirt engine is designed to use Java 7, so if you are using
Java 6 you can find other issues.
2. Create a DER encoded version of the CA certificate before importing it:
openssl x509 \
-in /etc/pki/ovirt-engine/ca.pem \
-inform pem \
-out /etc/pki/ovirt-engine/ca.cer \
-outform der
Then use the "ca.cer" file instead of the "ca.pem" file in the
keytool
command.
Sorry for the late response.
> My certificate was created on the early release of ovirt-engine
3.1 so
> not sure if this is perhaps why?
>
> Thanks.
>
> Regards.
>
> Neil Wilson.
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.