Did you try to drop valid certificates in /etc/pki/tls/certs and run `update-ca-trust extract ` ? (see https://fedoraproject.org/wiki/Features/SharedSystemCertificates for details)
If you use an openjdk jvm, and not temurin or oracle JDK, that should be enough. > Le 10 juin 2024 à 15:47, Ali Gusainov <uran...@gmail.com> a écrit : > > Hello experts. > > Environment: > oVirt: Software Version:4.4.10.7-1.el8 > OS: CentOS Linux release 8.5.2111 > > Symptoms: > 1. At login prompt I see this: > "PKIX path validation failed: java.security.certCertPathValidatorException: > validity check failed" > which successfully resolved by "engine-setup --offline" > 2. Now the host at 'Unassigned' status and all VMs marked with '?' symbol. > At vdsm.log I found message: > ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl > handshake: socket error, address: ::ffff:..... (sslutils:272) > At engine.log I found messages: > ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] > (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-2) [] > Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: > VDSNetworkException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > ... > 2024-06-10 17:54:13,576+05 ERROR > [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] > (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [] > Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: > VDSNetworkException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > > Cause: > Certificate expired. > > Questions: > 1. How to bring host 'Online'? > 2. How to properly update SSL? > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERNPMYZDMRJAEWQI5VZJMX4YOK3TJWS5/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5HPVZKQM4JSVE4ISJSF5ZCMUFFPMET23/
