[ovirt-users] Certificate Enrollment Failed

Dinuwan dinuwan at seychelles.sc
Mon Nov 3 09:19:28 UTC 2014


Hi Everyone, 

I managed to resolve the error with Alon's tip. There was actually a serial.txt.old file created (no idea how). What I did was put the same value in the old file in the new one and re-installed the host and it was successful! 

Thanks!

-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl at redhat.com] 
Sent: Monday, November 03, 2014 12:06 PM
To: Dinuwan
Cc: users at ovirt.org
Subject: Re: [ovirt-users] Certificate Enrollment Failed

it means that /etc/pki/ovirt-engine/serial.txt is either empty or missing, should not happen if ca is set up.

----- Original Message -----
> From: "Dinuwan" <dinuwan at seychelles.sc>
> To: users at ovirt.org
> Sent: Monday, November 3, 2014 9:55:30 AM
> Subject: [ovirt-users] Certificate Enrollment Failed
> 
> 
> 
> Hello Everyone!
> 
> 
> 
> I am trying to re-install a host in an ovirt hosted-engine environment 
> but the second host keeps on failing with the Certificate Enrollment 
> failed error.
> 
> 
> 
> I have deleted the Host from the Engine but it always fails at the 
> certificate enrollment.
> 
> 
> 
> The following problem is similar to mine but I have checked my file 
> permissions and they are all as they should:
> 
> 
> 
> http://lists.ovirt.org/pipermail/users/2014-May/024738.html
> 
> 
> 
> engine.log :
> 
> 
> 
> 2014-11-03 11:22:38,485 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (VdsDeploy) Correlation ID: 2f0410ee, Call Stack: null, Custom Event 
> ID: -1$
> 
> 2014-11-03 11:22:39,496 ERROR
> [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (VdsDeploy) 
> Sign Certificate request failed with exit code 1
> 
> 2014-11-03 11:22:39,497 ERROR
> [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (VdsDeploy) 
> Sign Certificate request script errors:
> 
> Using configuration from openssl.conf
> 
> unable to load number from serial.txt
> 
> error while loading serial number
> 
> 139842728826696:error:0D066096:asn1 encoding 
> routines:a2i_ASN1_INTEGER:short
> line:f_int.c:215:
> 
> Cannot sign certificate
> 
> 
> 
> 2014-11-03 11:22:39,499 ERROR [org.ovirt.engine.core.bll.VdsDeploy]
> (VdsDeploy) Error during deploy dialog: java.lang.RuntimeException:
> Certificate enrollment failed
> 
> at
> org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper.signCertifica
> teRequest(OpenSslCAWrapper.java:56)
> [utils.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy._threadMain(VdsDeploy.java:927)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy.access$2000(VdsDeploy.java:83)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy$51.run(VdsDeploy.java:969) 
> [bll.jar:]
> 
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
> 
> 
> 
> 2014-11-03 11:22:39,510 ERROR [org.ovirt.engine.core.bll.VdsDeploy]
> (org.ovirt.thread.pool-8-thread-2) [2f0410ee] Error during host 
> 10.10.10.2
> install: java.lang.RuntimeExc$
> 
> at
> org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper.signCertifica
> teRequest(OpenSslCAWrapper.java:56)
> [utils.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy._threadMain(VdsDeploy.java:927)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy.access$2000(VdsDeploy.java:83)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy$51.run(VdsDeploy.java:969) 
> [bll.jar:]
> 
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
> 
> 
> 
> 2014-11-03 11:22:39,516 ERROR 
> [org.ovirt.engine.core.bll.InstallerMessages]
> (org.ovirt.thread.pool-8-thread-2) [2f0410ee] Installation 10.10.10.2:
> Certificate enrollment fa$
> 
> 2014-11-03 11:22:39,546 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (org.ovirt.thread.pool-8-thread-2) [2f0410ee] Correlation ID: 
> 2f0410ee, Cal$
> 
> 2014-11-03 11:22:39,548 ERROR [org.ovirt.engine.core.bll.VdsDeploy]
> (org.ovirt.thread.pool-8-thread-2) [2f0410ee] Error during host 
> 10.10.10.2 install, prefering first exce$
> 
> at
> org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper.signCertifica
> teRequest(OpenSslCAWrapper.java:56)
> [utils.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy._threadMain(VdsDeploy.java:927)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy.access$2000(VdsDeploy.java:83)
> [bll.jar:]
> 
> at org.ovirt.engine.core.bll.VdsDeploy$51.run(VdsDeploy.java:969) 
> [bll.jar:]
> 
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
> 
> 
> 
> 
> 
> I’ve been struggling with this problem for about a week now, and I 
> have tried changing HostIDs and re-installing 
> ovirt-hosted-engine-setup but it still appears. The only thing I 
> couldn’t try is to re-install the machine. The problem with that is I 
> have my gluster bricks running on the same therefore it is the last option I want to consider.
> 
> 
> 
> Hopefully somebody will be able to assist me with this.
> 
> 
> 
> Thanks in advance.
> 
> 
> Dinu.
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 




More information about the Users mailing list