Hide Forgot
Description of problem: This Guide: https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#Replacing_the_SSL_certificate_used_by_Red_Hat_Enterprise_Virtualization_Manager_to_identify_itself_to_users_connecting_over_https Is missing the steps from the "Doc Text" of this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1336838 Because a fresh install of 4.0 hit the same issue when following the Documentation. The upgrade guide already contains a note regarding it - look at the BZ. But wouldn't it be preferable if the steps were properly outlined in the Documentation? https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/upgrade-guide/#Upgrading_to_Red_Hat_Virtualization_Manager_4.0 Actual results following the Documentation: admin@internal cannot login ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-2) [] server_error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Expected results: admin@internal logs in fine Additional info: I believe correct steps would be like this: 1. trust anchor /<path>/ca.crt && update-ca-trust 2. Follow the current docs 3. create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="" 4. service ovirt-engine restart
Closing this bug as a duplicate of BZ#1336845. This bug helped clarify the other one for me, though, so thanks for raising it, Germano. *** This bug has been marked as a duplicate of bug 1336845 ***