On Tue, May 17, 2022 at 7:36 PM Sharon Gratch <sgratch@redhat.com> wrote:

Hi,

On Tue, May 17, 2022 at 7:33 PM Angel R. Gonzalez <angel.gonzalez@uam.es> wrote:

Hello,

I've a issue when I try log in ovirt-engine manager with a browser. The
error message is:

PKIX path validation failed:
java.security.cert.CertPathValidatorException: validity check failed

The ovirt version is 4.4.5.11-1.

I follow the next commands for try resolve it.

> # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date "+%Y%m%d")"
> # SUBJECT="$(openssl x509 -subject -noout -in
> /etc/pki/ovirt-engine/certs/apache.cer | sed 's/subject= //')"
> # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache
> --password="PASSWORD" --subject="${SUBJECT}"
> # openssl pkcs12 -passin "pass:PASSWORD" -nokeys -in
> /etc/pki/ovirt-engine/keys/apache.p12 >
> /etc/pki/ovirt-engine/certs/apache.cer
> # openssl pkcs12 -passin "pass:PASSWORD" -nocerts -nodes -in
> /etc/pki/ovirt-engine/keys/apache.p12 >
> /etc/pki/ovirt-engine/keys/apache.key.nopass
> # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
> # systemctl restart ovirt-engine.service
But after restarting the issue is the same.

Any idea?

Maybe try to restart the apache HTTP Server as well:

systemctl restart httpd

If it still doesn't work then please share the errors within the engine log /var/log/ovirt-engine/engine.log

Thanks,

Sharon

Otherwise you can run

engine-setup --offline

(it will not change anything on current config and will not try to update any package)

between the answers to give it will notice that your certificate is expired and you have to answer yes to the question to renew it

After that you should be able to access the engine again

HIH,

Gianluca