12:48 a.m.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7s08lKxr317U4f7S2uiLNhLgbhqI41l89
Content-Type: multipart/mixed; boundary="hSq7F28gapFg5m3iNcupps9DgFkLnpMkc";
protected-headers="v1"
From: ~Stack~ <i.am.stack(a)gmail.com>
To: users <users(a)ovirt.org>
Message-ID: <bdcd0a7d-84c7-b37c-e66e-b2c6ace3e31c(a)gmail.com>
Subject: Help with SSL
--hSq7F28gapFg5m3iNcupps9DgFkLnpMkc
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Greetings,
OS: Scientific Linux 7.3
Ovirt: 4.1.6.2-1.el7.centos
Foreman: 1.16.0-RC1
I updated my OVirt SSL cert from a self-signed to a purchased one using
the directions here:
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
Everything seems to work from the web interface.
Then I tried to add in Foreman. Thats where I get the error:
Unable to save
ERF56-1309 [Foreman::FingerprintException]: The remote system presented
a public key signed by an unidentified certificate authority. If you are
sure the remote system is authentic, go to the compute resource edit
page, press the 'Test Connection' or 'Load Datacenters' button and
submit=
=2E
Everything I can find says that it *should* be resolved - From Red Hat,
to Foreman, to even the Ovirt list! Yet there it is!
Well after poking at it for a while, I realized that the cert Foreman
was auto-resolving was still the /OLD/ cert!
Step #2 in those ovirt directions says to break the symbolic link to
/etc/pki/ovirt-engine/ca.pem. But it doesn't say what to do with that
file. So I replaced it with my cert. Restarted ovirt and now Foreman
resolves the correct X509 cert! (I have no idea if that broke something
else.)
But I still get the error in foreman. :-(
I feel like I'm still missing something in the ovirt configs. Something
needs to be updated/replaced in ovirt that isn't in those docs.
Can anyone help me out please? I've been trying for hours and not making
progress.
Thanks!
~Stack~
--hSq7F28gapFg5m3iNcupps9DgFkLnpMkc--
--7s08lKxr317U4f7S2uiLNhLgbhqI41l89
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZ3UApAAoJELkej+ysXJPmACEP/11wrxRd3rc3vOyR/4BKO+gg
KFdO2eOjuWBZlx6UV1sl61ivj2Pm3tXwz/v97vEtVtxFrmcdstJ1MEGTjsMV3QcB
J6j4zljuafGQheLI7atEuzoyi22yhzopbfvfTnMoe6QLdkxVLSFEDmiSf5foV+Rc
52MzSv1Xu8tXgubyam2CazpS/DKGPYU8jojWRlsTyZsF5AJ8su5m+1ZVr8UgdTMR
GBZlnZYuwb6bFjEPu0hkXwTPGTzVI6yaj0MfcCfO01merJWpv0QtOwgVAvdDgoyX
9X8HId0hjWqS4fM82CMgIvfmYb9AGzEWVz4deGXlYPLX76tlsi+cu/YkHVWiznPS
znReyqliTY2q621WgdcK9xNWW/Kqf2W/CiEbmVIv0k59Hg3FpTGtrjcaS+ny98qw
kZpHGRtQNoojCvcSrx86Fnt7e3Oqr8woOtnUJxtzPeN6I0CYCMOw2pt02a9npVSC
iKxj84LsFQphMNjVhqrsmrYW7NS9RtWCoiVweEQAwS/+bKfoLniqT4cj8xgpCkHJ
W/7qz9qTR8sMTuEr2WhLouZyCk7z5FD6A49B+0OCPpUYuFE7Cll7+7hxSHuNqy8I
M74aEPNVO7DdE0iT0yz5EkIxn5oht/gaPwyN8QYCJxjyglUEHOBK/+hAnpvfeLEF
y5hEnpvgwgt9iZtqrI4S
=qZrE
-----END PGP SIGNATURE-----
--7s08lKxr317U4f7S2uiLNhLgbhqI41l89--