We have a pretty likely configuration, with just one additional option:
FORCE_DATA_VERIFICATION=False
If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of
your certificate, including intermediate certs, not just the public
certificate. Then make sure to restart the ovirt-websocket-proxy daemon
(not ovirt-engine).
El 14/08/16 a las 06:59, aleksey.maksi...@it-kb.ru escribió:
Hi Jiri.
But your variant does not work, too
# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True
Some error:
WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
any ideas how to trablshut problem?
14.08.2016, 01:53, "Jiri Belka" <jbe...@redhat.com>:
I have different files for those variables, maybe this is the case?
Review again.
j.
----- Original Message -----
From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru>
To: "Jiri Belka" <jbe...@redhat.com>
Cc: "users" <users@ovirt.org>
Sent: Saturday, August 13, 2016 4:57:45 PM
Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5
browser client -> WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/
I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
to:
PROXY_PORT=6100
#SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
#SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
#CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
SSL_ONLY=True
...and restart HostedEngine VM.
Problem still exists.
13.08.2016, 17:52, "aleksey.maksi...@it-kb.ru" <aleksey.maksi...@it-kb.ru>:
It does not work for me. any ideas?
02.08.2016, 17:22, "Jiri Belka" <jbe...@redhat.com>:
This works for me:
# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True
----- Original Message -----
From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru>
To: "users" <users@ovirt.org>
Sent: Monday, August 1, 2016 12:13:38 PM
Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5
browser client -> WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/
Hello oVirt guru`s !
I have successfully replaced the oVirt 4 site SSL-certificate according to the
instructions from "Replacing oVirt SSL Certificate"
section in "oVirt Administration Guide"
http://www.ovirt.org/documentation/admin-guide/administration-guide/
3 files have been replaced:
/etc/pki/ovirt-engine/certs/apache.cer
/etc/pki/ovirt-engine/keys/apache.key.nopass
/etc/pki/ovirt-engine/apache-ca.pem
Now the oVirt site using my certificate and everything works fine, but when I try to
use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under
the button "Toggle messages output":
WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
Before replacing certificates SPICE HTML5 browser client works.
Native SPICE client works fine.
Tell me what to do with SPICE HTML5 browser client?
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
