Did you try to drop valid certificates in /etc/pki/tls/certs and run 
`update-ca-trust extract ` ? (see 
https://fedoraproject.org/wiki/Features/SharedSystemCertificates for details)

If you use an openjdk jvm, and not temurin or oracle JDK, that should be enough.

> Le 10 juin 2024 à 15:47, Ali Gusainov <uran...@gmail.com> a écrit :
> 
> Hello experts.
> 
> Environment:
> oVirt: Software Version:4.4.10.7-1.el8
> OS: CentOS Linux release 8.5.2111
> 
> Symptoms:
> 1. At login prompt I see this:
> "PKIX path validation failed: java.security.certCertPathValidatorException: 
> validity check failed"
> which successfully resolved by "engine-setup --offline"
> 2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. 
> At vdsm.log I found message:
> ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl 
> handshake: socket error, address: ::ffff:..... (sslutils:272)
> At engine.log I found messages:
> ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] 
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] 
> Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: 
> VDSNetworkException: PKIX path validation failed: 
> java.security.cert.CertPathValidatorException: validity check failed
> ...
> 2024-06-10 17:54:13,576+05 ERROR 
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] 
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] 
> Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: 
> VDSNetworkException: PKIX path validation failed: 
> java.security.cert.CertPathValidatorException: validity check failed
> 
> Cause:
> Certificate expired.
> 
> Questions:
> 1. How to bring host 'Online'?
> 2. How to properly update SSL?
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERNPMYZDMRJAEWQI5VZJMX4YOK3TJWS5/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5HPVZKQM4JSVE4ISJSF5ZCMUFFPMET23/

Reply via email to