Re: [ovirt-users] Cannot add new host

On Mon, Feb 1, 2016 at 7:10 PM, Marcelo Leandro <marceloltmm@gmail.com> wrote:
I copied wrong. the authorityInfoAccess is not empty. yes, i followed correctly.
attached cert.conf.
Ok, thanks. But keyUsage = critical,${ENV::OVIRT_KU} extendedKeyUsage = ${ENV::OVIRT_EKU} still looks strage. Can you please check what you had before the migration?
thanks
2016-02-01 14:25 GMT-03:00 Simone Tiraboschi <stirabos@redhat.com>:
Thanks Marcelo, unfortunately I can confirm you that it's broken: ${ENV::OVIRT_EKU} didn't get correctly replaced and authorityInfoAccess is empty. Now we need to understand why it got generated this way, maybe something went wrong in the backup and restore procedure. Did you correctly followed this?
http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificat...
thanks, Simone
On Mon, Feb 1, 2016 at 5:49 PM, Marcelo Leandro <marceloltmm@gmail.com> wrote:
Hello simone,
yes, it's here:
RANDFILE = .rnd
[req]
default_bits = rsa:2048 default_keyfile = keys/cert.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca
[req_attributes]
[v3_ca]
subjectKeyIdentifier = hash authorityInfoAccess =
caIssuers;URI:
http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:false keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = critical,serverAuth,clientAuth
[custom] subjectKeyIdentifier = hash authorityInfoAccess =
caIssuers;URI: http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:false keyUsage = critical,${ENV::OVIRT_KU} extendedKeyUsage = ${ENV::OVIRT_EKU}
[req_distinguished_name]
Thanks.
2016-02-01 11:49 GMT-03:00 Simone Tiraboschi <stirabos@redhat.com>:
On Mon, Feb 1, 2016 at 3:30 PM, Marcelo Leandro <
marceloltmm@gmail.com>
wrote:
ERROR: on line 27 of config file 'cert.conf' 139871306037152:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 27 Cannot sign certificate
This looks strange; can you please share the content of /etc/pki/ovirt-engine/cert.conf ?
participants (1)
-
Simone Tiraboschi