Re: [ovirt-users] Cannot add new host

1 Feb 2016

      On Mon, Feb 1, 2016 at 7:10 PM, Marcelo Leandro <marceloltmm@gmail.com>
wrote:
...
I copied wrong.
the authorityInfoAccess is not empty.
yes, i followed correctly.
attached cert.conf.
Ok, thanks.
But keyUsage = critical,${ENV::OVIRT_KU}
extendedKeyUsage = ${ENV::OVIRT_EKU}
still looks strage.

Can you please check what you had before the migration?
...
thanks
2016-02-01 14:25 GMT-03:00 Simone Tiraboschi <stirabos@redhat.com>:
...
Thanks Marcelo,
unfortunately I can confirm you that it's broken: ${ENV::OVIRT_EKU}
didn't
get correctly replaced and authorityInfoAccess is empty.
Now we need to understand why it got generated this way, maybe something
went wrong in the backup and restore procedure.
Did you correctly followed this?
http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificat...
...
thanks,
Simone
On Mon, Feb 1, 2016 at 5:49 PM, Marcelo Leandro <marceloltmm@gmail.com>
wrote:
...
Hello simone,
yes,
it's here:
RANDFILE = .rnd
[req]
default_bits = rsa:2048
default_keyfile = keys/cert.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[req_attributes]
[v3_ca]
subjectKeyIdentifier = hash
authorityInfoAccess =
caIssuers;URI:
http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
...
...
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:false
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = critical,serverAuth,clientAuth
[custom]
subjectKeyIdentifier = hash
authorityInfoAccess =
caIssuers;URI:
http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:false
keyUsage = critical,${ENV::OVIRT_KU}
extendedKeyUsage = ${ENV::OVIRT_EKU}
[req_distinguished_name]
Thanks.
2016-02-01 11:49 GMT-03:00 Simone Tiraboschi <stirabos@redhat.com>:
...
On Mon, Feb 1, 2016 at 3:30 PM, Marcelo Leandro <
marceloltmm@gmail.com>
...
wrote:
...
ERROR: on line 27 of config file 'cert.conf'
139871306037152:error:0E065068:configuration file
routines:STR_COPY:variable has no value:conf_def.c:618:line 27
Cannot sign certificate
This looks strange; can you please share the content of
/etc/pki/ovirt-engine/cert.conf ?

Simone Tiraboschi

tags

participants (1)