Re: [foreman-dev] Firefox 57 and noVNC
This is Sat 6.3 install (Katello 3.4), no changes here: # Websockets :websockets_encrypt: on :websockets_ssl_key: /etc/pki/katello/private/katello-apache.key :websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt # SSL-settings :ssl_certificate: /etc/foreman/client_cert.pem :ssl_ca_file: /etc/foreman/proxy_ca.pem :ssl_priv_key: /etc/foreman/client_key.pem On Tue, Dec 5, 2017 at 12:06 PM, Ewoud Kohl van Wijngaardenwrote: > On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote: >> >> I was trying noVNC the other day on FF 57. Imported katello CA (it was >> a katello intance), but it didn't work until I flipped flag >> "network.websocket.allowInsecureFromHTTPS" on and then it worked. >> >> I remember that Firefox always worked out of box - when server CA was >> imported, it worked like charm. In the documentation we have "FF might >> need to turn on this flag". Anyone knows under which circumstances we >> need to flip this on? >> >> Any luck setting up FF 57 without any hacking with noVNC? >> >> https://theforeman.org/manuals/1.15/index.html#7.1NoVNC > > > There are settings (websockets_ssl_{key,cert}) to choose which certificate > is presented by the VNC websockets proxy. Are you sure the correct > certificates are used by it? > > -- > You received this message because you are subscribed to the Google Groups > "foreman-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to foreman-dev+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-dev] Firefox 57 and noVNC
On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote: I was trying noVNC the other day on FF 57. Imported katello CA (it was a katello intance), but it didn't work until I flipped flag "network.websocket.allowInsecureFromHTTPS" on and then it worked. I remember that Firefox always worked out of box - when server CA was imported, it worked like charm. In the documentation we have "FF might need to turn on this flag". Anyone knows under which circumstances we need to flip this on? Any luck setting up FF 57 without any hacking with noVNC? https://theforeman.org/manuals/1.15/index.html#7.1NoVNC There are settings (websockets_ssl_{key,cert}) to choose which certificate is presented by the VNC websockets proxy. Are you sure the correct certificates are used by it? -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[foreman-dev] Firefox 57 and noVNC
Hello, I was trying noVNC the other day on FF 57. Imported katello CA (it was a katello intance), but it didn't work until I flipped flag "network.websocket.allowInsecureFromHTTPS" on and then it worked. I remember that Firefox always worked out of box - when server CA was imported, it worked like charm. In the documentation we have "FF might need to turn on this flag". Anyone knows under which circumstances we need to flip this on? Any luck setting up FF 57 without any hacking with noVNC? https://theforeman.org/manuals/1.15/index.html#7.1NoVNC -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.