Oh yeah :)
I mistakenly used a root certificate from a local CA for
/etc/pki/ovirt-engine/apache-ca.pem.
Now I understood, and it works.
Thanks again.
16.08.2016, 16:15, "Jiri Belka" :
> IMO you "owe" explanation what was wrong, so other users
> could learn from your
IMO you "owe" explanation what was wrong, so other users
could learn from your mistakes and this mailing-list archive
would thus be beneficial for them when searching for help ;)
Anyway, that's great news!
j.
- Original Message -
From: "aleksey maksimov"
To:
Thank you, Jiri!
I did everything step by step and SPICE HTML5 browser client now works.
16.08.2016, 10:46, "Jiri Belka" :
> So,
>
> I used this for my own ca test:
>
> OWN CA AND OWN ENGINE KEY/CRT
> =
>
> 0> CA
>
> # awk '/my-/ || $1 ~
So,
I used this for my own ca test:
OWN CA AND OWN ENGINE KEY/CRT
=
0> CA
# awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf
certificate = $dir/my-ca.crt # The CA certificate
crl = $dir/my-ca.crl # The current CRL
Jiri, I did not hide information. Tell me what the log file should show and I
will show
16.08.2016, 10:29, "Jiri Belka" :
> It does have logs, filenames "hide" real data.
>
> You should reveal logs and what each file is and
> which exact commands you were executing.
>
> Vague
It does have logs, filenames "hide" real data.
You should reveal logs and what each file is and
which exact commands you were executing.
Vague statements won't help much. It does work for me,
there must be something strange in your setup but we
cannot know what without details.
j.
-
I tried a version of Nicolás.
No success :((
1) I create full bundle cert file:
# cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer
# openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer
We have a pretty likely configuration, with just one additional option:
FORCE_DATA_VERIFICATION=False
If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of
your certificate, including intermediate certs, not just the public
certificate. Then make sure to restart the
Hi Jiri.
But your variant does not work either
# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
to:
PROXY_PORT=6100
#SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
#SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
#CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
It does not work for me. Any ideas?
02.08.2016, 17:22, "Jiri Belka" :
> This works for me:
>
> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
> PROXY_PORT=6100
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>
This works for me:
# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True
-
Hello oVirt gurus!
I have successfully replaced the oVirt 4 site SSL-certificate according to the
instructions from "Replacing oVirt SSL Certificate"
section in "oVirt Administration Guide"
http://www.ovirt.org/documentation/admin-guide/administration-guide/
3 files have been replaced: