I solved the problem. The problem seemed to be with the certs on the engine in /etc/pki/ovirt-engine/certs. I ended up signing the .cer files using pki-enroll-pkcs12.sh. I followed the directions in this link https://ovirt.massopen.cloud/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html. My certs were already in SHA-256 format, but now at least I can get all green on my hosts and do what I need to do from the engine.

Don

On Tue, Jul 26, 2022 at 6:50 PM Don Dupuis <dondster@gmail.com> wrote:
Hello
I have an environment with quite a lot of hosts using local storage domains. The engine and host certs expired. I ran engine-setup on the ovirt-engine so that the engine cert would get updated and then followed this https://access.redhat.com/solutions/3532921 to manually update the hosts' certs so that hopefully the engine can talk to vdsm and then carry out the cert enrollment process, but no luck. I am getting this error in vdsm.log:
2022-07-26 18:32:12,743-0500 INFO  (Reactor thread) [ProtocolDetector.AcceptorImpl] Accepted connection from ::ffff:192.168.50.26:58194 (protocoldetector:61)
2022-07-26 18:32:12,760-0500 ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address: ::ffff:192.168.50.26 (sslutils:263)

and the engine.log:
2022-07-26 03:30:13,242-05 INFO  [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to host01/192.168.50.72
2022-07-26 03:30:13,257-05 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2022-07-26 03:30:13,260-05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-12) [] EVENT_ID: VDS_BROKER_COMMAND_FAILURE(10,802), VDSM host01 command Get Host Capabilities failed: General SSLEngine problem
I substituted host01 for the real FQDN for this post.
I can't get the hosts into a state where I can put them in maintenance mode, and I also want to be careful about reinstalling because the VMs are stored on the local storage domain on the host. Fingerprints match on the certs, and when I sign the vdsmcert on the engine and then copy it back to the proper locations, libvirtd and vdsmd restart fine, just the SSL ERROR.

Anyone have any ideas on how to solve this cert issue?

Thanks
Don
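The checks behind "Fingerprints match on the certs" and the SHA-1/SHA-256 question in the thread, scripted so they can be run against the engine-side .cer and the host-side vdsmcert before re-enrolling; this is an added example, not code from the thread or from the oVirt project, and the /etc/pki/ovirt-engine/ca.pem and /etc/pki/vdsm/certs/vdsmcert.pem paths are assumptions about a typical deployment (only /etc/pki/ovirt-engine/certs comes from the post).

```shell
#!/bin/sh
# Added example, not from the thread or the oVirt project: compare the host
# certificate the engine holds with the copy installed on the host, the check
# behind "Fingerprints match on the certs" in the post, plus the other reasons
# a handshake fails with a bare "General SSLEngine problem".
# Assumed real-world paths (verify on your deployment):
#   CA:          /etc/pki/ovirt-engine/ca.pem
#   engine copy: /etc/pki/ovirt-engine/certs/<host>.cer   (directory from the post)
#   host copy:   /etc/pki/vdsm/certs/vdsmcert.pem
set -eu

# cert_check CA ENGINE_CERT HOST_CERT -> prints one diagnosis line; returns
# 0 healthy, 1 copies differ, 2 expired, 3 not issued by CA, 4 SHA-1 signed.
cert_check() {
  ca=$1; engine_cert=$2; host_cert=$3
  fp_engine=$(openssl x509 -noout -fingerprint -sha256 -in "$engine_cert" | cut -d= -f2)
  fp_host=$(openssl x509 -noout -fingerprint -sha256 -in "$host_cert" | cut -d= -f2)
  if [ "$fp_engine" != "$fp_host" ]; then
    echo "MISMATCH: engine copy and host copy are different certificates"; return 1
  fi
  if ! openssl x509 -noout -checkend 0 -in "$host_cert" >/dev/null; then
    echo "EXPIRED: $(openssl x509 -noout -enddate -in "$host_cert")"; return 2
  fi
  if ! openssl verify -CAfile "$ca" "$host_cert" >/dev/null 2>&1; then
    echo "UNTRUSTED: host cert does not chain to $ca"; return 3
  fi
  sigalg=$(openssl x509 -noout -text -in "$host_cert" \
           | sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
  case $sigalg in
    *sha1*) echo "WEAK: signed with $sigalg (see the SHA-256 upgrade guide)"; return 4 ;;
  esac
  echo "OK: $fp_host $sigalg $(openssl x509 -noout -enddate -in "$host_cert")"
}

# Constructed fixtures for trying the check offline: a throwaway CA and a
# host cert it signs, written into DIR. Not real deployment material.
make_fixtures() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=engine-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=host01" \
    -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null
  openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 1 -out "$dir/vdsmcert.pem" 2>/dev/null
  cp "$dir/vdsmcert.pem" "$dir/host01.cer"   # the engine-side copy
}

# Usage on a real engine, after fetching the host's vdsmcert.pem locally:
#   cert_check /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/host01.cer ./vdsmcert.pem
```

A non-zero return pinpoints which of the four conditions the engine will trip over, so the cert can be re-signed or re-copied before touching host state.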