We have a pretty likely configuration, with just one additional option:

FORCE_DATA_VERIFICATION=False

If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of your certificate, including intermediate certs, not just the public certificate. Then make sure to restart the ovirt-websocket-proxy daemon (not ovirt-engine).

El 14/08/16 a las 06:59, aleksey.maksi...@it-kb.ru escribió:
Hi Jiri.
But your variant does not work, too

# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True

Some error:
WebSocket error: Can't connect to websocket on URL: 
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]

any ideas how to trablshut problem?

14.08.2016, 01:53, "Jiri Belka" <jbe...@redhat.com>:
I have different files for those variables, maybe this is the case?

Review again.

j.

----- Original Message -----
From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru>
To: "Jiri Belka" <jbe...@redhat.com>
Cc: "users" <users@ovirt.org>
Sent: Saturday, August 13, 2016 4:57:45 PM
Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 
browser client -> WebSocket error: Can't connect to websocket on URL: 
wss://ovirt.engine.fqdn:6100/

I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf 
to:

PROXY_PORT=6100
#SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
#SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
#CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
SSL_ONLY=True

...and restart HostedEngine VM.
Problem still exists.

13.08.2016, 17:52, "aleksey.maksi...@it-kb.ru" <aleksey.maksi...@it-kb.ru>:
  It does not work for me. any ideas?

  02.08.2016, 17:22, "Jiri Belka" <jbe...@redhat.com>:
   This works for me:

   # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
   PROXY_PORT=6100
   SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
   SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
   CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
   SSL_ONLY=True

   ----- Original Message -----
   From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru>
   To: "users" <users@ovirt.org>
   Sent: Monday, August 1, 2016 12:13:38 PM
   Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 
browser client -> WebSocket error: Can't connect to websocket on URL: 
wss://ovirt.engine.fqdn:6100/

   Hello oVirt guru`s !

   I have successfully replaced the oVirt 4 site SSL-certificate according to the 
instructions from "Replacing oVirt SSL Certificate"
   section in "oVirt Administration Guide"
   http://www.ovirt.org/documentation/admin-guide/administration-guide/

   3 files have been replaced:

   /etc/pki/ovirt-engine/certs/apache.cer
   /etc/pki/ovirt-engine/keys/apache.key.nopass
   /etc/pki/ovirt-engine/apache-ca.pem

   Now the oVirt site using my certificate and everything works fine, but when I try to 
use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under 
the button "Toggle messages output":

   WebSocket error: Can't connect to websocket on URL: 
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]

   Before replacing certificates SPICE HTML5 browser client works.
   Native SPICE client works fine.

   Tell me what to do with SPICE HTML5 browser client?
   _______________________________________________
   Users mailing list
   Users@ovirt.org
   http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to