Re: [ovirt-users] ovirt-shell
On 10/03/2014 02:45 PM, Koen Vanoppen wrote:
Dear all,
I wanted to connected to the ovirt-shell; But I get following error:
The host name "ovirt.brusselsairport.aero
<http://ovirt.brusselsairport.aero>" contained in the URL doesn't match
any of the names in the server certificate.
This means that there is mismatch between the host name that you use and
the name contained in the certificate used by the engine web server.
This check is a typical security measure to avoid man in the middle
attacks when using SSL. I'd suggest you check the certificate of used by
the web server. In my environment, for example:
# grep '^SSLCertificateFile' /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
# openssl x509 -in /etc/pki/ovirt-engine/certs/apache.cer -subject
-noout
subject= /C=US/O=Example Inc./CN=ovirt.example.com
The relevant part here is the CN, it should match the name that you put
in the "url" parameter of the ovirt-shell.
If for whatever the reason you still want to connect using an incorrect
host name you can do so setting the "insecure" parameter to True.
My config file:
[cli]
autoconnect = True
autopage = True
[ovirt-shell]
username = admin
timeout = 5
extended_prompt = True
url = https://ovirt.brusselsairport.aero/api
insecure = False
renew_session = False
filter = False
session_timeout = None
ca_file = /root/ca.crt
dont_validate_cert_chain = True
key_file = None
password = ******
#cert_file = None
Ideas?
Kind regards,
Koen
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.