This is Sat 6.3 install (Katello 3.4), no changes here: # Websockets :websockets_encrypt: on :websockets_ssl_key: /etc/pki/katello/private/katello-apache.key :websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt
# SSL-settings :ssl_certificate: /etc/foreman/client_cert.pem :ssl_ca_file: /etc/foreman/proxy_ca.pem :ssl_priv_key: /etc/foreman/client_key.pem On Tue, Dec 5, 2017 at 12:06 PM, Ewoud Kohl van Wijngaarden <[email protected]> wrote: > On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote: >> >> I was trying noVNC the other day on FF 57. Imported katello CA (it was >> a katello intance), but it didn't work until I flipped flag >> "network.websocket.allowInsecureFromHTTPS" on and then it worked. >> >> I remember that Firefox always worked out of box - when server CA was >> imported, it worked like charm. In the documentation we have "FF might >> need to turn on this flag". Anyone knows under which circumstances we >> need to flip this on? >> >> Any luck setting up FF 57 without any hacking with noVNC? >> >> https://theforeman.org/manuals/1.15/index.html#7.1NoVNC > > > There are settings (websockets_ssl_{key,cert}) to choose which certificate > is presented by the VNC websockets proxy. Are you sure the correct > certificates are used by it? > > -- > You received this message because you are subscribed to the Google Groups > "foreman-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
