I have solved my issue. I had to manually add the updated ca.pem and certs/engine.cer to /etc/pki/java/cacerts using keytool. Now I will work on getting the new certs to the hypervisors and then follow the enroll certificate process.

Thanks
Don

On Thu, Jun 16, 2022 at 9:27 AM Nathanaël Blanchet <blanchet@abes.fr> wrote:

Hello Don,

I'm sorry not to be able to help you... I was just happy that a simple 4.4 procedure was available when I needed it last month...

There has been no community support for the 4.2 branch for a long time; that's why the best upgrade strategy is to regularly upgrade to the upstream product.

Nevertheless, I'm sure the embedded procedure to renew engine certs in "engine-setup --offline" should be nearly the same as the one to renew a 4.2 engine.

May a Red Hat guy help you with the way to follow...

Good luck.

On 16/06/2022 at 15:25, Don Dupuis wrote:
Nathanaël
Do you have a procedure that works on oVirt 4.2.x? The engine-setup --offline doesn't seem to work for me, as the Admin Portal fails with an "unable to find valid certification path" message. I have posted about this twice this week with no response from anyone. My engine and 32 hypervisors have expired certificates.

Thanks
Don

On Thu, Jun 16, 2022 at 7:51 AM Nathanaël Blanchet <blanchet@abes.fr> wrote:

Hello,

If you refer to:

  1. Engine Apache certificate expiration ("PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:") when accessing the oVirt console.
    => engine-setup --offline
  2. Hosts certificate expiration?
    => https://access.redhat.com/solutions/3532921
    I also wrote a playbook to do so here: https://galaxy.ansible.com/natman/ovirt_renew_certs
    In this case, don't forget to renew the certificate with the UI (in maintenance) when the host is responding; otherwise you may encounter issues with console or live migration or other SSL-related stuff.

Tested and approved.

On 16/06/2022 at 12:34, Marko Vrgotic wrote:

Dear oVirt,

The oVirt SSL certificates were changed to one-year renewal and we have a problem now.

We are running version 4.4.x with SHE on a local storage cluster and we have four more local storage clusters.

On the cluster running SHE, the engine and host certificates have expired. We found the procedure for renewal prior to expiration, but we do not have a manual one, required once certificates have expired.

Would you be so kind as to share the manual or steps needed to fix our oVirt setup?

Thank you in advance.

-----

Kind regards

Marko Vrgotic
Sr. System Engineer @ System Administration

ActiveVideo

o: +31 (35) 6774131
m: +31 (65) 5734174
e: m.vrgotic@activevideo.com
w: www.activevideo.com

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5LOTLSGBZQAZQD7L76ZMGFALTHODKYKO/
-- 
Nathanaël Blanchet

Network supervision
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tel. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanchet@abes.fr