Note to QE (copied from cloned bug 1260752 comment 7): Current patch makes engine-setup output the following in such a case: [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password? It will do that twice per file - once during customization, right before asking whether to renew the CA, and again while actually renewing. I personally verified that by just changing the passphrase of apache.p12 and websocket-proxy.p12 . Please try also other combinations, e.g. also engine.p12 or jboss.p12 (might break stuff, doc (link above) mentions only apache.p12), and also by using a key/cert signed by a 3rd party CA, both using passphrase 'mypass' and something different.
Verified with: ovirt-engine-3.4.4-1.el6.noarch -> ovirt-engine-3.5.7.1-0.0.master.20151220162429.git1e35eec.el6.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0029.html