PKIX path validation failed

Hello experts. Environment: oVirt: Software Version:4.4.10.7-1.el8 OS: CentOS Linux release 8.5.2111 Symptoms: 1. At login prompt I see this: "PKIX path validation failed: java.security.certCertPathValidatorException: validity check failed" which successfully resolved by "engine-setup --offline" 2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. At vdsm.log I found message: ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: socket error, address: ::ffff:..... (sslutils:272) At engine.log I found messages: ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed ... 2024-06-10 17:54:13,576+05 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed Cause: Certificate expired. Questions: 1. How to bring host 'Online'? 2. How to properly update SSL?

Did you try to drop valid certificates in /etc/pki/tls/certs and run `update-ca-trust extract ` ? (see https://fedoraproject.org/wiki/Features/SharedSystemCertificates for details) If you use an openjdk jvm, and not temurin or oracle JDK, that should be enough.
Le 10 juin 2024 à 15:47, Ali Gusainov <uran987@gmail.com> a écrit :
Hello experts.
Environment: oVirt: Software Version:4.4.10.7-1.el8 OS: CentOS Linux release 8.5.2111
Symptoms: 1. At login prompt I see this: "PKIX path validation failed: java.security.certCertPathValidatorException: validity check failed" which successfully resolved by "engine-setup --offline" 2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. At vdsm.log I found message: ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: socket error, address: ::ffff:..... (sslutils:272) At engine.log I found messages: ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed ... 2024-06-10 17:54:13,576+05 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Cause: Certificate expired.
Questions: 1. How to bring host 'Online'? 2. How to properly update SSL? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERNPMYZDMRJAEW...
participants (2)
-
Ali Gusainov
-
Fabrice Bacchella