Hi, 1) Try to run engine-setup again on oVirt Engine VM, and renew certificates.
2) I had even more nasty problem with zombie node host, which was completely unmanageable. Jose from albasoft.com solved this problem, contact hem via e-mail if necessary.
On 8/29/22 20:32, v...@itiviti.com wrote:
Hi Team, I'm looking for your help since I didn't find any clear documentation. Is there somewhere in ovirt website a clear documentation about how to renew the engine certificates located in /etc/pki/ovirt-engine/certs/ We have an engine GUI not working, showing error message "PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed". After checking, all the cert in /etc/pki/ovirt-engine/certs/ are expired. I didn't find a clear documentation on ovirt website, or even on redhat website (it was always about host but not the engine) Anyway I've read that the renew process can be done via "engine-setup --offline", but when I try it, it generates this error: --== PKI CONFIGURATION ==-- [ ERROR ] Failed to execute stage 'Environment customization': Unable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. and in log file: File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1371, in load_pem_x509_certificate "Unable to load certificate. See https://cryptography.io/en/la" ValueError: Unable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. 2022-08-29 19:16:29,502+0200 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': Unable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. I've also tried the manual procedure (using /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh) mentioned in https://users.ovirt.narkive.com/4ugjgicE/ovirt-regenerating-new-ssl-certificates-for-ovirt-engine (message from Alon Bar-Lev), but the 4th command always says I enter a wrogn apssword, but it's not. we are blocked here and we can't use our ovirt cluster, so it's pretty blocking. Thx a lot in advance _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYHJ4XJAYCAN3KVT7BJOGRUU6JEZTXCF/
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQ2KOSHBKY3C5LLW4NWVMQK64IWJJDMC/