<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Jun 11, 2015 at 11:57 AM, <span dir="ltr"><<a href="mailto:nicolas@devels.es" target="_blank">nicolas@devels.es</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div>El 2015-06-11 08:55, Simone Tiraboschi escribió:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
</blockquote>
<br></div></div>
Indeed, checking the Javascript console I discovered where the culprit is. This ovirt engine machine had formerly a FQDN that was changed afterwards (I used the .../setup/bin/ovirt-engine-rename script), so at installation time, SSL certs were issued for that FQDN. The ovirt-engine-rename script regenerated the engine certs, but seems that it didn't do the work for the websocket proxy, so the old FQDN cert is still used and a connection cannot be established with the daemon (logically, due to the mismatch). I can't find any documentation on how to regenerate the websocket proxy cert, though. Is there some script for that, or at least some manual way to accomplish it?<br>
<br>
Thanks for your help.<div><div><br><br>
</div></div></blockquote></div><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Based on an environment in 3.3.2 I solved a situation with webSocketProxy Enabled only after original install + update thanks to Alon advises.</div><div class="gmail_extra"><br></div><div class="gmail_extra">See full lthread here:</div><div class="gmail_extra"><a href="http://lists.ovirt.org/pipermail/users/2013-December/018554.html">http://lists.ovirt.org/pipermail/users/2013-December/018554.html</a><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Possibly it can apply to your environment too<br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">You could do the following:</span><br style="font-size:12.8000001907349px"><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">1. remove</span><span style="font-size:12.8000001907349px"> </span></div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">In /etc/pki/ovirt-engine/keys/:</div><div class="gmail_extra">websocket-proxy.key.nopass<br></div><div class="gmail_extra">websocket-proxy.p12</div><div class="gmail_extra"><br></div><div class="gmail_extra">In /etc/pki/ovirt-engine/certs/:</div><div class="gmail_extra">websocket-proxy.cer</div></div><div class="gmail_extra"><br style="font-size:12.8000001907349px"><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">2. run setup using:</span><br style="font-size:12.8000001907349px"><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"># engine-setup --otopi-environment="OVESETUP_</span><span style="font-size:12.8000001907349px">CONFIG/websocketProxyConfig=</span><span style="font-size:12.8000001907349px">bool:True"</span><br></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">and this should create websocket proxy certificates/keys in correct way....</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Be sure to make backups and verify better, in particular it this is a production environment.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">HIH,</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Gianluca</span></div></div>