<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 10, 2017 at 11:48 PM, ~Stack~ <span dir="ltr"><<a href="mailto:i.am.stack@gmail.com" target="_blank">i.am.stack@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Greetings,<br>
<br>
OS: Scientific Linux 7.3<br>
Ovirt: 4.1.6.2-1.el7.centos<br>
Foreman: 1.16.0-RC1<br>
<br>
I updated my OVirt SSL cert from a self-signed to a purchased one using<br>
the directions here:<br>
<a href="https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/" rel="noreferrer" target="_blank">https://www.ovirt.org/<wbr>documentation/admin-guide/<wbr>appe-oVirt_and_SSL/</a><br>
<br>
Everything seems to work from the web interface.<br>
<br>
Then I tried to add in Foreman. Thats where I get the error:<br>
<br>
Unable to save<br>
ERF56-1309 [Foreman::<wbr>FingerprintException]: The remote system presented<br>
a public key signed by an unidentified certificate authority. If you are<br>
sure the remote system is authentic, go to the compute resource edit<br>
page, press the 'Test Connection' or 'Load Datacenters' button and submit.<br>
<br>
Everything I can find says that it *should* be resolved - From Red Hat,<br>
to Foreman, to even the Ovirt list! Yet there it is!<br>
<br>
Well after poking at it for a while, I realized that the cert Foreman<br>
was auto-resolving was still the /OLD/ cert!<br>
<br>
Step #2 in those ovirt directions says to break the symbolic link to<br>
/etc/pki/ovirt-engine/ca.pem. But it doesn't say what to do with that<br>
file. So I replaced it with my cert. Restarted ovirt and now Foreman<br>
resolves the correct X509 cert! (I have no idea if that broke something<br>
else.)<br>
<br>
But I still get the error in foreman. :-(<br>
<br>
I feel like I'm still missing something in the ovirt configs. Something<br>
needs to be updated/replaced in ovirt that isn't in those docs.<br>
<br>
Can anyone help me out please? I've been trying for hours and not making<br></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Hi,<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">are you able to login to oVirt webadmin successfully? If so then oVirt side should be fine.<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">About Foreman, is it installed on the same machine as oVirt? If not could you please check, that your custom CA is included either in host wide truststore or in specific trustore for Foreman (no idea what Foreman is using, better to ask in specific Foreman</div> <div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">mailing list).<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Regards<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Martin<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
progress.<br>
Thanks!<br>
<span class="HOEnZb"><font color="#888888"><br>
~Stack~<br>
<br>
<br>
</font></span><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>