Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1385062

Summary: Manager SSL cert replacement breaks everything
Product: Red Hat Enterprise Virtualization Manager Reporter: Jeff Warnica <jwarnica>
Component: ovirt-engineAssignee: Yedidyah Bar David <didi>
Status: CLOSED DUPLICATE QA Contact: meital avital <mavital>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.0.0CC: gklein, lsurette, rbalakri, Rhev-m-bugs, srevivo, ykaul
Target Milestone: ovirt-4.0.6   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-20 13:11:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Warnica 2016-10-14 16:01:12 UTC 
Loosely based on the documentation at https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/administration-guide/appendix-d-red-hat-virtualization-and-ssl , I used IPA to generate, request, install new certificates, e.g.:

# cd /etc/pki/ovirt-engine/certs
# rm /etc/pki/ovirt-engine/apache-ca.pem
# rm /etc/pki/ovirt-engine/certs/apache.cer  /etc/pki/ovirt-engine/keys/apache.key.nopass
#  ipa-getcert request  -f /etc/pki/ovirt-engine/certs/apache.cer -k /etc/pki/ovirt-engine/keys/apache.key.nopass 
	(verify file names here)
# systemctl restart httpd

Apache restarts, and the certificate is the new (and valid), but presents an error:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

API access (cloudforms) fails as well. 

I *assume* that I also replaced the internal certs somehow, but don't know how to repair.
Comment 2 Jeff Warnica 2016-10-20 13:11:30 UTC 

*** This bug has been marked as a duplicate of bug 1336838 ***