<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hello,<br>
<br>
after configuring noVNC websocket proxy I would like to load<br>
an offically signed certificate into it. Otherwise I would always<br>
have to accept the self signed certificate on port 6100. See here:<br>
<br>
<a href="http://lists.ovirt.org/pipermail/users/2013-October/017108.html" target="_blank">http://lists.ovirt.org/pipermail/users/2013-October/017108.html</a><br>
<br>
>From the configuration file I know where to place the signed<br>
certificate but our generated certificates depend on intermediate<br>
certificates. Ah the moment I'm missing the option to load/advertise <br>
that intermediate certificate.<br>
<br>
# cat /ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf<br>
PROXY_PORT=6100<br>
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer<br>
SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass<br>
FORCE_DATA_VERIFICATION=True<br>
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer<br>
SSL_ONLY=True<br>
<br>
In apache I usally go with:<br>
<br>
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer<br>
SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass<br>
SSLCertificateChainFile /etc/pki/ovirt-engine/certs/server-chain.crt <br>
<br>
Any tips?<br>
<br>
Markus<br>
</div>
</body>
</html>