On 10/17/2012 02:36 PM, Neil wrote:
Sorry to repost, anyone got any ideas here?
Thanks!
On Tue, Oct 16, 2012 at 12:27 PM, Neil <nwilson123@gmail.com> wrote:
Hi Juan,
Thank you very much for sending through these details, I'm finally getting around to trying to regenerate my certs now, but I'm encountering an issue with importing the old CA as per below...
On Fri, Oct 5, 2012 at 5:03 PM, Juan Hernandez <jhernand@redhat.com> wrote:
5. Regenerate the keystore used by the engine, importing the old CA certificate and the new engine certificate:
rm -f /etc/pki/ovirt-engine/.keystore
keytool \ -keystore /etc/pki/ovirt-engine/.keystore \ -import \ -alias cacert \ -storepass mypass \ -noprompt \ -file /etc/pki/ovirt-engine/ca.pem
[root@backup ovirt-engine]# rm -f /etc/pki/ovirt-engine/.keystore [root@backup ovirt-engine]# keytool \
-keystore /etc/pki/ovirt-engine/.keystore \ -import \ -alias cacert \ -storepass mypass \ -noprompt \ -file /etc/pki/ovirt-engine/ca.pem keytool error: java.lang.Exception: Input not an X.509 certificate
The problem is probably that you are using the keytool from a Java 6 installation, and it doesn't support the PEM certificate format. You can do two things to solve this: 1. Switch to Java 7 using "alternatives --config java". But this could have adverse effects in other Java programs that you may be using. Note that the oVirt engine is designed to use Java 7, so if you are using Java 6 you can find other issues. 2. Create a DER encoded version of the CA certificate before importing it: openssl x509 \ -in /etc/pki/ovirt-engine/ca.pem \ -inform pem \ -out /etc/pki/ovirt-engine/ca.cer \ -outform der Then use the "ca.cer" file instead of the "ca.pem" file in the keytool command. Sorry for the late response.
My certificate was created on the early release of ovirt-engine 3.1 so not sure if this is perhaps why?
Thanks.
Regards.
Neil Wilson.
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.