----- Original Message ----- > From: "Punit Dambiwal" <[email protected]> > To: [email protected], [email protected], "Sven Kieske" <[email protected]>, > "Dan Kenigsberg" <[email protected]>, > "Michal Skrivanek" <[email protected]>, "Antoni Segura Puimedon" > <[email protected]>, "Frantisek Kobzik" > <[email protected]>, "Itamar Heim" <[email protected]>, "sabose" > <[email protected]>, [email protected], "Simone > Tiraboschi" <[email protected]> > Sent: Thursday, August 14, 2014 12:37:01 PM > Subject: Re: [ovirt-users] Ovirt SSL Question > > Hi All, > > Is there any one can help me to solve this issue.. > > Thanks, > Punit > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < [email protected] > wrote: > > > > Hi All, > > I have one question regarding the SSL settings in Ovirt....let me explain my > environment first :- > > 1. Ovirt engine :- mgmt.3linux.com > 2. Standalone websocket proxy :- web-proxy.3linux.com > 3. Our Own Portal :- portal.3linux.com > > We have the above architecture...we fetch the VM console from the websocket > proxy to our own portal through API....because still we are using selfsigned > certificate...we need to trust the certificate every time,whenever we open > the VM console... (https://< web-proxy.3linux.com >:<port>) > > When we initiate the VM console through our own web portal the url ( > https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00 > ),if we accept the SSL certificate with https://< web-proxy.3linux.com > >:<port> ....then it will open as expected but if we didn't accept the > certificate manually...then it through failed to connect:1006 error... > > We don't want that every time end user will accept the certificate > manually...as our link to open VM console is different then webproxy.... > > Now we want to replace the self signed certificate with valid SSL....can any > one tell me where we need to put the certificates and how to generate the > CSR for them and how many SSL we need to purchase to make this thing > workable without accepting the certificate everytime....
Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate chain and matching key. You can create the request in any tool you like, what we need is the certificate and key. Regards, Alon _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
