Hi, thank you very much for your support. I've restarted httpd and the issue is resolved. But now, I've seen that one of the nodes is NonResponsive mode, other is in Connecting mode and the system log say: "Engine's certification has expired at 2022-05-16. Please renew the engine's certification." Should I run the command engine-setup --offline for renew the engine's certification? Do I have to do some more actions before executing that command? After the engine-setup --offline, the nodes will be up? Thanks in advance. Ángel. El 17/5/22 a las 22:23, Gianluca Cecchi escribió:
On Tue, May 17, 2022 at 7:36 PM Sharon Gratch <sgratch@redhat.com> wrote:
Hi,
On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez <angel.gonzalez@uam.es> wrote:
Hello,
I've a issue when I try log in ovirt-engine manager with a browser. The error message is:
PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
The ovirt version is 4.4.5.11-1.
I follow the next commands for try resolve it.
> # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date "+%Y%m%d")" > # SUBJECT="$(openssl x509 -subject -noout -in > /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')" > # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache > --password="PASSWORD" --subject="${SUBJECT}" > # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in > /etc/pki/ovirt-engine/keys/apache.p12 > > /etc/pki/ovirt-engine/certs/apache.cer > # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in > /etc/pki/ovirt-engine/keys/apache.p12 > > /etc/pki/ovirt-engine/keys/apache.key.nopass > # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass > # systemctl restart ovirt-engine.service But after restarting the issue is the same.
Any idea?
Maybe try to restart the apache HTTP Server as well: /systemctl restart httpd/
If it still doesn't work then please share the errors within the engine log /var/log/ovirt-engine/engine.log
Thanks, Sharon
Otherwise you can run engine-setup --offline (it will not change anything on current config and will not try to update any package) between the answers to give it will notice that your certificate is expired and you have to answer yes to the question to renew it After that you should be able to access the engine again
HIH, Gianluca
-- Ángel Ramón González Martín Responsable de Laboratorios Docentes Edificio Alan Turing Planta 3ª, Despacho A-313 Teléfono: 91497 2311 angel.gonzalez@uam.es Escuela Politécnica Superior Universidad Autónoma de Madrid C/ Francisco Tomás y Valiente 11, 28049 Madrid Antes de imprimir este correo piense si es necesario. Cuidemos el medioambiente.