Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread aleksey . maksimov
Oh yeah :) I mistakenly used a root certificate from a local CA for /etc/pki/ovirt-engine/apache-ca.pem. Now I understood, and it works. Thanks again. 16.08.2016, 16:15, "Jiri Belka" : > IMO you "owe" explanation what was wrong, so other users > could learn from your

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread Jiri Belka
IMO you "owe" explanation what was wrong, so other users could learn from your mistakes and this mailing-list archive would thus be beneficial for them when searching for help ;) Anyway, that's great news! j. - Original Message - From: "aleksey maksimov" To:

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread aleksey . maksimov
Thank you, Jiri ! I did everything step by step and SPICE HTML5 browser client now works. 16.08.2016, 10:46, "Jiri Belka" : > So, > > I used this for my own ca test: > > OWN CA AND OWN ENGINE KEY/CRT > = > > 0> CA > > # awk '/my-/ || $1 ~

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread Jiri Belka
So, I used this for my own ca test: OWN CA AND OWN ENGINE KEY/CRT = 0> CA # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf certificate = $dir/my-ca.crt# The CA certificate crl = $dir/my-ca.crl# The current CRL

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread aleksey . maksimov
Jiri, I did not hide information. Tell me what the log file should show and I will show 16.08.2016, 10:29, "Jiri Belka" : > It does have logs, filenames "hide" real data. > > You should reveal logs and what each file is and > which exact commands you were executing. > > Vague

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-16 Thread Jiri Belka
It does have logs, filenames "hide" real data. You should reveal logs and what each file is and which exact commands you were executing. Vague statements won't help much. It does work for me, there much be something strange in your setup but we cannot know what without details. j. -

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-15 Thread aleksey . maksimov
I tried a version of Nicolás. No success :(( 1) I create full bundle cert file: # cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-14 Thread Nicolás
We have a pretty likely configuration, with just one additional option: FORCE_DATA_VERIFICATION=False If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of your certificate, including intermediate certs, not just the public certificate. Then make sure to restart the

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-14 Thread aleksey . maksimov
Hi Jiri. But your variant does not work, too # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-13 Thread Jiri Belka
I have different files for those variables, maybe this is the case? Review again. j. - Original Message - From: "aleksey maksimov" To: "Jiri Belka" Cc: "users" Sent: Saturday, August 13, 2016 4:57:45 PM Subject: Re:

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-13 Thread aleksey . maksimov
I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to: PROXY_PORT=6100 #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-13 Thread aleksey . maksimov
It does not work for me. any ideas? 02.08.2016, 17:22, "Jiri Belka" : > This works for me: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem >

Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-02 Thread Jiri Belka
This works for me: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True -

[ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-01 Thread aleksey . maksimov
Hello oVirt guru`s ! I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate" section in "oVirt Administration Guide" http://www.ovirt.org/documentation/admin-guide/administration-guide/ 3 files have been replaced:

[ovirt-users] oVirt 4 with custom SSL certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

2016-08-01 Thread Алексей Максимов
Hello oVirt guru`s ! I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate" section in "oVirt Administration Guide" http://www.ovirt.org/documentation/admin-guide/administration-guide/ 3 files have been replaced: