noVNC console error : Something went wrong, connection is closed
Hello everyone, Context : oVirt 4.4.9.3-1.el8 glusterfs 8.6 Self-hosted engine Problem: Since I update my certificates (with engine-setup) because of the warning that my certs will expire soon, I can't open the noVNC console anymore. In the logs on engine, I have these : in /var/log/messages : ovsdb-server[510110]: ovs|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error ovsdb-server[510110]: ovs|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error) journal[516217]: 2022-12-21 11:31:27,800+0100 ovirt-websocket-proxy: INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovirt-websocket-proxy.py[509812]: ovirt-websocket-proxy[516217] INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovsdb-server[510110]: ovs|04632|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed in /var/log/openvswitch/ovsdb-server-sb.log : 2022-12-21T10:31:22.540Z|04626|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed 2022-12-21T10:31:22.541Z|04627|jsonrpc|WARN|Dropped 1 log messages in last 8 seconds (most recently, 8 seconds ago) due to excessive rate 2022-12-21T10:31:22.541Z|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error 2022-12-21T10:31:22.542Z|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error) I've tried these commands (found here : https://access.redhat.com/solutions/6877501) : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovirt-provider-ovn" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-ndb" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-sdb" --password=mypass --subject="<subject_engine>" --keep-key systemctl restart ovirt-provider-ovn.service systemctl restart ovn-northd.service Still not work, so I've seen that some certificates was still not renewed : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-helper" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-host" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-user" --password=mypass --subject="<subject_engine>" --keep-key And restart every ovirt services. But it still does not work better. I don't see any other unvalid certificates in /etc/pki/ovirt-engine/certs/, so I don't know which certificate is invalid for ovsdb. Thanks for any advice. Best regards, Michael
Hi, You may need to import the new certificate to the browser. Regards, Lucia On Wed, Dec 21, 2022 at 11:42 AM <dvx.mellin@gmail.com> wrote:
Hello everyone,
Context : oVirt 4.4.9.3-1.el8 glusterfs 8.6 Self-hosted engine
Problem: Since I update my certificates (with engine-setup) because of the warning that my certs will expire soon, I can't open the noVNC console anymore.
In the logs on engine, I have these : in /var/log/messages : ovsdb-server[510110]: ovs|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error ovsdb-server[510110]: ovs|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error) journal[516217]: 2022-12-21 11:31:27,800+0100 ovirt-websocket-proxy: INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovirt-websocket-proxy.py[509812]: ovirt-websocket-proxy[516217] INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovsdb-server[510110]: ovs|04632|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
in /var/log/openvswitch/ovsdb-server-sb.log : 2022-12-21T10:31:22.540Z|04626|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed 2022-12-21T10:31:22.541Z|04627|jsonrpc|WARN|Dropped 1 log messages in last 8 seconds (most recently, 8 seconds ago) due to excessive rate 2022-12-21T10:31:22.541Z|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error 2022-12-21T10:31:22.542Z|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error)
I've tried these commands (found here : https://access.redhat.com/solutions/6877501) : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovirt-provider-ovn" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-ndb" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-sdb" --password=mypass --subject="<subject_engine>" --keep-key systemctl restart ovirt-provider-ovn.service systemctl restart ovn-northd.service
Still not work, so I've seen that some certificates was still not renewed : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-helper" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-host" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-user" --password=mypass --subject="<subject_engine>" --keep-key And restart every ovirt services.
But it still does not work better.
I don't see any other unvalid certificates in /etc/pki/ovirt-engine/certs/, so I don't know which certificate is invalid for ovsdb.
Thanks for any advice. Best regards,
Michael _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MD2TXPGRX4V5EI...
Hi Lucia, Thanks for answer but I didn't put any certificate in my browser before, so I don't see any reason to put it something now. And I don't see whih one BTW, the SSL certificate for website is a real certificate emitted by a valid public CA (already known by my browser). Regards, Michael
participants (2)
-
dvx.mellin@gmail.com -
Lucia Jelinkova