Re: [pve-devel] Spice problems with intermediate certificates

3. /etc/pve/local/pve-ssl.pem contains the following: -BEGIN CERTIFICATE- [My Cert] -END CERTIFICATE- -BEGIN CERTIFICATE- [Intermediate cert] -END CERTIFICATE- -BEGIN RSA PRIVATE KEY- [Private key] -END RSA PRIVATE KEY- Please remove the

Re: [pve-devel] Spice problems with intermediate certificates

Please remove the private key here! I guess it wasn't necessary. I've removed it and everything seems to work. Best regards, Adrian Costin ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Spice problems with intermediate certificates

: [pve-devel] Spice problems with intermediate certificates Hi all, unfortunately spice does not work when using intermediate certificates. I already posted the problem to the spice-devel list here: http://lists.freedesktop.org/archives/spice-devel/2014-August/017247.html Any help

Re: [pve-devel] Spice problems with intermediate certificates

25 Août 2014 07:32:43 Objet: [pve-devel] Spice problems with intermediate certificates Hi all, unfortunately spice does not work when using intermediate certificates. I already posted the problem to the spice-devel list here: http://lists.freedesktop.org/archives/spice-devel/2014-August

Re: [pve-devel] Spice problems with intermediate certificates

I'm using a rapidssl wildcard certificate without any problem. certificate chain is: *.odiso.net - rapidssl CA (intermediate) - geotrust global ca strange. Where do you store the intermediate cert? ___ pve-devel mailing list

Re: [pve-devel] Spice problems with intermediate certificates

I just check, in my pve-root-ca.pem I have both intermediate ca (rapidssl) + Geotrust cat /etc/pve/pve-root-ca.pem -BEGIN CERTIFICATE- rapidssl -END CERTIFICATE- -BEGIN CERTIFICATE- geotrust -END CERTIFICATE- And what is the content of

Re: [pve-devel] Spice problems with intermediate certificates

-BEGIN CERTIFICATE- rapidssl -END CERTIFICATE- Please can you post that certificate? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Spice problems with intermediate certificates

Also, what is the output of: # openssl verify /etc/pve/local/pve-ssl.pem Can you verify without specifying a CAFile? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Spice problems with intermediate certificates

aderum...@odiso.com, pve-devel@pve.proxmox.com Envoyé: Lundi 25 Août 2014 12:22:01 Objet: RE: [pve-devel] Spice problems with intermediate certificates Also, what is the output of: # openssl verify /etc/pve/local/pve-ssl.pem Can you verify without specifying a CAFile

Re: [pve-devel] Spice problems with intermediate certificates

# openssl verify /etc/pve/local/pve-ssl.pem # openssl verify /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem: serialNumber = 6OIC- M6dsSmyl3j9087fa638RY/f8cC3, OU = GT29098117, OU = See www.rapidssl.com/resources/cps (c)13, OU = Domain Control Validated - RapidSSL(R), CN =

Re: [pve-devel] Spice problems with intermediate certificates

- De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Lundi 25 Août 2014 13:13:30 Objet: RE: [pve-devel] Spice problems with intermediate certificates # openssl verify /etc/pve/local/pve-ssl.pem # openssl verify /etc/pve

Re: [pve-devel] Spice problems with intermediate certificates

] Spice problems with intermediate certificates Yes, indeed # openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve- ssl.pem /etc/pve/local/pve-ssl.pem: OK And /etc/pve/local/pve-ssl.pem only contain the server cert? Or does it include the CA files

Re: [pve-devel] Spice problems with intermediate certificates

On Mon, 25 Aug 2014 18:35:53 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: And /etc/pve/local/pve-ssl.pem only contain the server cert? yes, only the server cert. Mine contains both the server cert and the intermediate cert as described in the wiki:

Re: [pve-devel] Spice problems with intermediate certificates

Mine contains both the server cert and the intermediate cert as described in the wiki: So it seems I am the only one with that problem. So the question is if this is related to StartCom Certification Authority. Anybody successfully using StartCom Certification Authority with StartCom Class 2

Re: [pve-devel] Spice problems with intermediate certificates

Anybody successfully using StartCom Certification Authority with StartCom Class 2 Primary Intermediate Server CA? Yes. I've done the following: 1. Private key in: /etc/pve/local/pve-ssl.key and /etc/pve/pve-www.key 2. Intermediate cert file in: /etc/pve/pve-root-ca.pem 3.

[pve-devel] Spice problems with intermediate certificates

Hi all, unfortunately spice does not work when using intermediate certificates. I already posted the problem to the spice-devel list here: http://lists.freedesktop.org/archives/spice-devel/2014-August/017247.html Any help on that topic would be great.