[Users] Procedure to change engine host name

Juan Hernandez jhernand at redhat.com
Wed Oct 17 12:36:03 UTC 2012 

On 10/17/2012 02:36 PM, Neil wrote:
> Sorry to repost, anyone got any ideas here?
> 
> Thanks!
> 
> On Tue, Oct 16, 2012 at 12:27 PM, Neil <nwilson123 at gmail.com> wrote:
>> Hi Juan,
>>
>> Thank you very much for sending through these details, I'm finally
>> getting around to trying to regenerate my certs now, but I'm
>> encountering an issue with importing the old CA as per below...
>>
>> On Fri, Oct 5, 2012 at 5:03 PM, Juan Hernandez <jhernand at redhat.com> wrote:
>>> 5. Regenerate the keystore used by the engine, importing the old CA
>>> certificate and the new engine certificate:
>>>
>>> rm -f /etc/pki/ovirt-engine/.keystore
>>>
>>> keytool \
>>> -keystore /etc/pki/ovirt-engine/.keystore \
>>> -import \
>>> -alias cacert \
>>> -storepass mypass \
>>> -noprompt \
>>> -file /etc/pki/ovirt-engine/ca.pem
>>
>>
>> [root at backup ovirt-engine]# rm -f /etc/pki/ovirt-engine/.keystore
>> [root at backup ovirt-engine]# keytool \
>>> -keystore /etc/pki/ovirt-engine/.keystore \
>>> -import \
>>> -alias cacert \
>>> -storepass mypass \
>>> -noprompt \
>>> -file /etc/pki/ovirt-engine/ca.pem
>> keytool error: java.lang.Exception: Input not an X.509 certificate

The problem is probably that you are using the keytool from a Java 6
installation, and it doesn't support the PEM certificate format. You can
do two things to solve this:

1. Switch to Java 7 using "alternatives --config java". But this could
have adverse effects in other Java programs that you may be using. Note
that the oVirt engine is designed to use Java 7, so if you are using
Java 6 you can find other issues.

2. Create a DER encoded version of the CA certificate before importing it:

openssl x509 \
-in /etc/pki/ovirt-engine/ca.pem \
-inform pem \
-out /etc/pki/ovirt-engine/ca.cer \
-outform der

Then use the "ca.cer" file instead of the "ca.pem" file in the keytool
command.

Sorry for the late response.

>> My certificate was created on the early release of ovirt-engine 3.1 so
>> not sure if this is perhaps why?
>>
>> Thanks.
>>
>> Regards.
>>
>> Neil Wilson.

-- 
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.

More information about the Users mailing list