[ovirt-users] Cannot add new host

Simone Tiraboschi stirabos at redhat.com
Mon Feb 1 22:17:55 UTC 2016


On Mon, Feb 1, 2016 at 7:10 PM, Marcelo Leandro <marceloltmm at gmail.com>
wrote:

> I copied wrong.
> the authorityInfoAccess is not empty.
> yes, i followed correctly.
>
> attached cert.conf.
>

Ok, thanks.
But keyUsage = critical,${ENV::OVIRT_KU}
extendedKeyUsage = ${ENV::OVIRT_EKU}
still looks strage.

Can you please check what you had before the migration?



>
> thanks
>
>
>
> 2016-02-01 14:25 GMT-03:00 Simone Tiraboschi <stirabos at redhat.com>:
> > Thanks Marcelo,
> > unfortunately I can confirm you that it's broken: ${ENV::OVIRT_EKU}
> didn't
> > get correctly replaced and authorityInfoAccess is empty.
> > Now we need to understand why it got generated this way, maybe something
> > went wrong in the backup and restore procedure.
> > Did you correctly followed this?
> >
> http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificates
> >
> > thanks,
> > Simone
> >
> >
> > On Mon, Feb 1, 2016 at 5:49 PM, Marcelo Leandro <marceloltmm at gmail.com>
> > wrote:
> >>
> >> Hello simone,
> >>
> >> yes,
> >> it's here:
> >>
> >> RANDFILE = .rnd
> >>
> >> [req]
> >>
> >> default_bits = rsa:2048
> >> default_keyfile = keys/cert.pem
> >> distinguished_name = req_distinguished_name
> >> attributes = req_attributes
> >> x509_extensions = v3_ca
> >>
> >> [req_attributes]
> >>
> >> [v3_ca]
> >>
> >> subjectKeyIdentifier = hash
> >> authorityInfoAccess =
> >>
> >> caIssuers;URI:
> http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
> >> authorityKeyIdentifier = keyid:always,issuer:always
> >> basicConstraints = CA:false
> >> keyUsage = critical,digitalSignature,keyEncipherment
> >> extendedKeyUsage = critical,serverAuth,clientAuth
> >>
> >> [custom]
> >> subjectKeyIdentifier = hash
> >> authorityInfoAccess =
> >>
> >> caIssuers;URI:
> http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
> >> authorityKeyIdentifier = keyid:always,issuer:always
> >> basicConstraints = CA:false
> >> keyUsage = critical,${ENV::OVIRT_KU}
> >> extendedKeyUsage = ${ENV::OVIRT_EKU}
> >>
> >> [req_distinguished_name]
> >>
> >>
> >> Thanks.
> >>
> >> 2016-02-01 11:49 GMT-03:00 Simone Tiraboschi <stirabos at redhat.com>:
> >> >
> >> > On Mon, Feb 1, 2016 at 3:30 PM, Marcelo Leandro <
> marceloltmm at gmail.com>
> >> > wrote:
> >> >>
> >> >> ERROR: on line 27 of config file 'cert.conf'
> >> >> 139871306037152:error:0E065068:configuration file
> >> >> routines:STR_COPY:variable has no value:conf_def.c:618:line 27
> >> >> Cannot sign certificate
> >> >
> >> >
> >> > This looks strange; can you please share the content of
> >> > /etc/pki/ovirt-engine/cert.conf ?
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160201/ecf0d4ba/attachment-0001.html>


More information about the Users mailing list