[ovirt-users] Re: Ovirt-engine , certificate issue

On Tue, May 17, 2022 at 7:36 PM Sharon Gratch <sgratch(a)redhat.com&gt; wrote: Hi, On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez <angel.gonzalez(a)uam.es&gt; wrote: Hello, I've a issue when I try log in ovirt-engine manager with a browser. The error message is:      PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed The ovirt version is 4.4.5.11-1. I follow the next commands for try resolve it. > # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date "+%Y%m%d")" > # SUBJECT="$(openssl x509 -subject -noout -in > /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')" > # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache > --password="PASSWORD" --subject="${SUBJECT}" > # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in > /etc/pki/ovirt-engine/keys/apache.p12 > > /etc/pki/ovirt-engine/certs/apache.cer > # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in > /etc/pki/ovirt-engine/keys/apache.p12 > > /etc/pki/ovirt-engine/keys/apache.key.nopass > # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass > # systemctl restart ovirt-engine.service But after restarting the issue is the same. Any idea? Maybe try to restart the apache HTTP Server as well: /systemctl restart httpd/ If it still doesn't work then please share the errors within the engine log /var/log/ovirt-engine/engine.log Thanks, Sharon Otherwise you can run engine-setup --offline (it will not change anything on current config and will not try to update any package) between the answers to give it will notice that your certificate is expired and you have to answer yes to the question to renew it After that you should be able to access the engine again HIH, Gianluca