8:46 p.m.
----- Original Message -----
From: "Punit Dambiwal" <hypunit(a)gmail.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org, ahadas(a)redhat.com, "Sven Kieske"
<S.Kieske(a)mittwald.de>, "Dan Kenigsberg" <danken(a)redhat.com>,
"Michal Skrivanek" <michal.skrivanek(a)redhat.com>, "Antoni Segura
Puimedon" <asegurap(a)redhat.com>, "Frantisek Kobzik"
<fkobzik(a)redhat.com>, "Itamar Heim" <iheim(a)redhat.com>,
"sabose" <sabose(a)redhat.com>, barumuga(a)redhat.com, "Simone
Tiraboschi" <stirabos(a)redhat.com>
Sent: Friday, August 15, 2014 4:43:31 AM
Subject: Re: [ovirt-users] Ovirt SSL Question
Hi Alon,
Thanks for your reply...but i didn't find 20-pki.conf file in my
ovirt-engine server....
I am using websocket proxy as standalone....and fetch the vm console with
the help of API...and then it will display to the browser with our portal
url...
this is conf.d structure, files are sorted by name, last wins.
so instead of overriding files you can add your own.
Thanks,
Punit
On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev <alonbl(a)redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Punit Dambiwal" <hypunit(a)gmail.com>
> > To: users(a)ovirt.org, ahadas(a)redhat.com, "Sven Kieske" <
> S.Kieske(a)mittwald.de>, "Dan Kenigsberg" <danken(a)redhat.com>,
> > "Michal Skrivanek" <michal.skrivanek(a)redhat.com>, "Antoni
Segura
> Puimedon" <asegurap(a)redhat.com>, "Frantisek Kobzik"
> > <fkobzik(a)redhat.com>, "Itamar Heim" <iheim(a)redhat.com>,
"sabose" <
> sabose(a)redhat.com>, barumuga(a)redhat.com, "Simone
> > Tiraboschi" <stirabos(a)redhat.com>
> > Sent: Thursday, August 14, 2014 12:37:01 PM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi All,
> >
> > Is there any one can help me to solve this issue..
> >
> > Thanks,
> > Punit
> >
> >
> > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypunit(a)gmail.com >
> wrote:
> >
> >
> >
> > Hi All,
> >
> > I have one question regarding the SSL settings in Ovirt....let me
> explain my
> > environment first :-
> >
> > 1. Ovirt engine :- mgmt.3linux.com
> > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > 3. Our Own Portal :- portal.3linux.com
> >
> > We have the above architecture...we fetch the VM console from the
> websocket
> > proxy to our own portal through API....because still we are using
> selfsigned
> > certificate...we need to trust the certificate every time,whenever we
> open
> > the VM console... (https://< web-proxy.3linux.com >:<port>)
> >
> > When we initiate the VM console through our own web portal the url (
> >
>
https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-...
> > ),if we accept the SSL certificate with https://< web-proxy.3linux.com
> > >:<port> ....then it will open as expected but if we didn't accept
the
> > certificate manually...then it through failed to connect:1006 error...
> >
> > We don't want that every time end user will accept the certificate
> > manually...as our link to open VM console is different then webproxy....
> >
> > Now we want to replace the self signed certificate with valid SSL....can
> any
> > one tell me where we need to put the certificates and how to generate the
> > CSR for them and how many SSL we need to purchase to make this thing
> > workable without accepting the certificate everytime....
>
> Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate chain
> and matching key.
>
> You can create the request in any tool you like, what we need is the
> certificate and key.
>
> Regards,
> Alon
>