<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 1, 2016 at 7:10 PM, Marcelo Leandro <span dir="ltr"><<a href="mailto:marceloltmm@gmail.com" target="_blank">marceloltmm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I copied wrong.<br>
The authorityInfoAccess is not empty.<br>
Yes, I followed correctly.<br>
<br>
Attached cert.conf.<br></blockquote><div><br></div><div>Ok, thanks.</div><div>But keyUsage = critical,${ENV::OVIRT_KU}</div><div>extendedKeyUsage = ${ENV::OVIRT_EKU}</div><div>still looks strange.</div><div><br></div><div>Can you please check what you had before the migration?</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
thanks<br>
<div class=""><div class="h5"><br>
<br>
<br>
2016-02-01 14:25 GMT-03:00 Simone Tiraboschi <<a href="mailto:stirabos@redhat.com">stirabos@redhat.com</a>>:<br>
> Thanks Marcelo,<br>
> unfortunately I can confirm that it's broken: ${ENV::OVIRT_EKU} didn't<br>
> get correctly replaced and authorityInfoAccess is empty.<br>
> Now we need to understand why it got generated this way, maybe something<br>
> went wrong in the backup and restore procedure.<br>
> Did you follow this correctly?<br>
> <a href="http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificates" rel="noreferrer" target="_blank">http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificates</a><br>
><br>
> thanks,<br>
> Simone<br>
><br>
><br>
> On Mon, Feb 1, 2016 at 5:49 PM, Marcelo Leandro <<a href="mailto:marceloltmm@gmail.com">marceloltmm@gmail.com</a>><br>
> wrote:<br>
>><br>
>> Hello Simone,<br>
>><br>
>> yes,<br>
>> it's here:<br>
>><br>
>> RANDFILE = .rnd<br>
>><br>
>> [req]<br>
>><br>
>> default_bits = rsa:2048<br>
>> default_keyfile = keys/cert.pem<br>
>> distinguished_name = req_distinguished_name<br>
>> attributes = req_attributes<br>
>> x509_extensions = v3_ca<br>
>><br>
>> [req_attributes]<br>
>><br>
>> [v3_ca]<br>
>><br>
>> subjectKeyIdentifier = hash<br>
>> authorityInfoAccess =<br>
>><br>
>> caIssuers;URI:<a href="http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA" rel="noreferrer" target="_blank">http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA</a><br>
>> authorityKeyIdentifier = keyid:always,issuer:always<br>
>> basicConstraints = CA:false<br>
>> keyUsage = critical,digitalSignature,keyEncipherment<br>
>> extendedKeyUsage = critical,serverAuth,clientAuth<br>
>><br>
>> [custom]<br>
>> subjectKeyIdentifier = hash<br>
>> authorityInfoAccess =<br>
>><br>
>> caIssuers;URI:<a href="http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA" rel="noreferrer" target="_blank">http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA</a><br>
>> authorityKeyIdentifier = keyid:always,issuer:always<br>
>> basicConstraints = CA:false<br>
>> keyUsage = critical,${ENV::OVIRT_KU}<br>
>> extendedKeyUsage = ${ENV::OVIRT_EKU}<br>
>><br>
>> [req_distinguished_name]<br>
>><br>
>><br>
>> Thanks.<br>
>><br>
>> 2016-02-01 11:49 GMT-03:00 Simone Tiraboschi <<a href="mailto:stirabos@redhat.com">stirabos@redhat.com</a>>:<br>
>> ><br>
>> > On Mon, Feb 1, 2016 at 3:30 PM, Marcelo Leandro <<a href="mailto:marceloltmm@gmail.com">marceloltmm@gmail.com</a>><br>
>> > wrote:<br>
>> >><br>
>> >> ERROR: on line 27 of config file 'cert.conf'<br>
>> >> 139871306037152:error:0E065068:configuration file<br>
>> >> routines:STR_COPY:variable has no value:conf_def.c:618:line 27<br>
>> >> Cannot sign certificate<br>
>> ><br>
>> ><br>
>> > This looks strange; can you please share the content of<br>
>> > /etc/pki/ovirt-engine/cert.conf ?<br>
><br>
><br>
</div></div></blockquote></div><br></div></div>
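Added example, not part of the original thread and not oVirt code: OpenSSL expands `${ENV::NAME}` in a config file from the process environment at parse time and fails with "variable has no value" when the variable is unset, so this Python sketch lists every such reference in a config together with its line number. The function name `unset_env_refs` and the sample text are constructed for illustration, and comment handling is simplified to "everything after `#`".

```python
import os
import re
import sys

# ${ENV::NAME}, $(ENV::NAME) and bare $ENV::NAME are all accepted by OpenSSL.
ENV_REF = re.compile(r"\$(?:\{ENV::(\w+)\}|\(ENV::(\w+)\)|ENV::(\w+))")

# Constructed sample, modelled on the [custom] section quoted in the thread.
SAMPLE_CONF = """\
[custom]
subjectKeyIdentifier = hash
basicConstraints = CA:false
keyUsage = critical,${ENV::OVIRT_KU}
extendedKeyUsage = ${ENV::OVIRT_EKU}
"""


def unset_env_refs(conf_text, environ=None):
    """Return (line_no, section, key, var) for each ENV reference that is unset."""
    environ = os.environ if environ is None else environ
    findings = []
    section = "default"
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # simplified comment stripping
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        for match in ENV_REF.finditer(value):
            var = next(g for g in match.groups() if g)
            # An unset variable is the failing case; an empty string is a value.
            if var not in environ:
                findings.append((line_no, section, key.strip(), var))
    return findings


if __name__ == "__main__":
    # Pass a config path to check a real file; otherwise the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line_no, section, key, var in unset_env_refs(text):
        print(f"line {line_no} [{section}] {key}: ${{ENV::{var}}} is not set")
```

Run it in the same environment as the command that invokes `openssl`, since the result depends on which variables that process has exported.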