We have a pretty likely configuration, with just one additional option:
FORCE_DATA_VERIFICATION=False
If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of
your certificate, including intermediate certs, not just the public
certificate. Then make sure to restart the ovirt-websocket-proxy daemon
(not ovirt-engine).
El 14/08/16 a las 06:59, aleksey.maksimov(a)it-kb.ru escribió:
Hi Jiri.
But your variant does not work, too
# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True
Some error:
WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
any ideas how to trablshut problem?
14.08.2016, 01:53, "Jiri Belka" <jbelka(a)redhat.com>:
> I have different files for those variables, maybe this is the case?
>
> Review again.
>
> j.
>
> ----- Original Message -----
> From: "aleksey maksimov" <aleksey.maksimov(a)it-kb.ru>
> To: "Jiri Belka" <jbelka(a)redhat.com>
> Cc: "users" <users(a)ovirt.org>
> Sent: Saturday, August 13, 2016 4:57:45 PM
> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5
browser client -> WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/
>
> I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to:
>
> PROXY_PORT=6100
> #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
> #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
> #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
> SSL_ONLY=True
>
> ...and restart HostedEngine VM.
> Problem still exists.
>
> 13.08.2016, 17:52, "aleksey.maksimov(a)it-kb.ru"
<aleksey.maksimov(a)it-kb.ru>:
>> It does not work for me. any ideas?
>>
>> 02.08.2016, 17:22, "Jiri Belka" <jbelka(a)redhat.com>:
>>> This works for me:
>>>
>>> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>> PROXY_PORT=6100
>>> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>> SSL_ONLY=True
>>>
>>> ----- Original Message -----
>>> From: "aleksey maksimov" <aleksey.maksimov(a)it-kb.ru>
>>> To: "users" <users(a)ovirt.org>
>>> Sent: Monday, August 1, 2016 12:13:38 PM
>>> Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5
browser client -> WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/
>>>
>>> Hello oVirt guru`s !
>>>
>>> I have successfully replaced the oVirt 4 site SSL-certificate according to
the instructions from "Replacing oVirt SSL Certificate"
>>> section in "oVirt Administration Guide"
>>>
http://www.ovirt.org/documentation/admin-guide/administration-guide/
>>>
>>> 3 files have been replaced:
>>>
>>> /etc/pki/ovirt-engine/certs/apache.cer
>>> /etc/pki/ovirt-engine/keys/apache.key.nopass
>>> /etc/pki/ovirt-engine/apache-ca.pem
>>>
>>> Now the oVirt site using my certificate and everything works fine, but
when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and
message under the button "Toggle messages output":
>>>
>>> WebSocket error: Can't connect to websocket on URL:
wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>>
>>> Before replacing certificates SPICE HTML5 browser client works.
>>> Native SPICE client works fine.
>>>
>>> Tell me what to do with SPICE HTML5 browser client?
>>> _______________________________________________
>>> Users mailing list
>>> Users(a)ovirt.org
>>>
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users