OLVM: Third-Party CA SSL Certificate Replacement Fails (Doc ID 2930279.1)

Last updated on FEBRUARY 23, 2023

Applies to:

Symptoms

On Oracle Linux Virtualization Manager (OLVM), the user has successfully been using a third-party CA signed SSL certificate for the OLVM infrastructure by following the KM Document provided below. However, they are experiencing issues with the OLVM BUI/URI, which are detailed further below.
OLVM: How to replace the OLVM Engine Apache SSL CA Certificate with the Third-party CA (Certificate Authority) Certificate (Doc ID 2885170.1)

ERROR
The OLVM BUI (https://olvm-engine.example.com/ovirt-engine) is displaying the following error message: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

-engine.log:
2023-02-21 14:40:03,372-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:41:00,451-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-6) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:41:02,010-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:41:05,811-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-6) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:41:33,599-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-8) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:42:29,698-08 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-8) [] Internal Server Error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:42:29,698-08 ERROR [org.ovirt.engine.core.sso.service.SsoService] (default task-8) [] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:42:29,791-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-8) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:51:58,311-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-1) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:52:25,666-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-2) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 14:58:13,693-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 15:01:43,706-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-4) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 15:23:35,311-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-1) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
2023-02-21 15:44:37,780-08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [] server_error: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Changes

3rd-Party CA Certificate replacement/update.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.