ovirt 4.4.10.x, using self signed certificates with a self hosted engine.
apache certs expired, renewed manually via guides provided by RHEL and oVirt
using the pki_enroll_pkcs12.sh script. Engine certs are also expired and cannot
update certs via gui and no option to renew the certs when running using
engine-setup --offline. The error I am getting is a VDSM certificate error on
the hosted engine in the engine.log file. I have attempted to manually run the
pki_enroll_pkcs12.sh script with "engine" in the name and the subject of the
previous engine.cer file with no luck. I copied the p12, key and cert from that
attempt into the engine.cer, engine.p12 and engine_id_rsa files, but when
booting the hosted engine VM, the first error in the engine.log is "VDC cannot
find the engine certificate". This also breaks my access to the web interface
for oVirt administration. When the expired engine certs are restored, I have
GUI access but still see the VDSM errors on the ovirt-engine. That I hav
e web access with the expired engine certs indicate to me that the apache
certificates are correct (but i could be wrong in that evaluation).
Basically i am looking for a way to either force the enroll pki option in the
engine-setup --offline script or manually generate and update the engine.cer,
engine.p12 (and if needed, but i couldn't determine where it was used) the
engine_id_rsa key.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TUC23EBAKAQSTTEMXN6D3STUXS26ZWT3/