Hi,

please follow steps as described in BZ:

1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:

ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>"

2. Restart the engine

If the above doesn't work please attach server.log/engine.log

Thanks

Martin Perina

On Wed, Aug 3, 2016 at 2:49 PM, Fabrice Bacchella <fabrice.bacchella@icloud.com> wrote:

Indeed, the certificate for the web interface is not coming from ovirt's internal PKI, but from our own internal one.

I have a custom trust store not located in /etc/pki/java/cacerts, I did try to add ENGINE_PROPERTIES="${ENGINE_PROPERTIES} javax.net.ssl.trustStore=.../allmyca.jks javax.net.ssl.trustStorePassword=''" in a file in /etc/ovirt-engine/engine.conf.d but it didn't help.

Can I add them in /etc/pki/ovirt-engine/.truststore ?
>
> Le 3 août 2016 à 13:22, Martin Perina <mperina@redhat.com> a écrit :
>
> Hi,
>
> are you using HTTPS certificate signed by external CA? If so please follow steps described in Doc Text of
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1336838
>
> Thanks
>
> Martin Perina
>
>
> On Wed, Aug 3, 2016 at 1:18 PM, Fabrice Bacchella <fabrice.bacchella@icloud.com> wrote:
> After the upgrad, I'm unable to log in, I'm getting the following error:
>
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path
> to requested target
>
>
> Where should I look to correct that ?
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>