Re: [ovirt-users] Ovirt SSL Question

From: "Punit Dambiwal" <hypunit(a)gmail.com&gt; To: users(a)ovirt.org, ahadas(a)redhat.com, "Sven Kieske" <S.Kieske(a)mittwald.de&gt;, "Dan Kenigsberg" <danken(a)redhat.com&gt;, "Michal Skrivanek" <michal.skrivanek(a)redhat.com&gt;, "Antoni Segura Puimedon" <asegurap(a)redhat.com&gt;, "Frantisek Kobzik" <fkobzik(a)redhat.com&gt;, "Itamar Heim" <iheim(a)redhat.com&gt;, "sabose" <sabose(a)redhat.com&gt;, barumuga(a)redhat.com, "Simone Tiraboschi" <stirabos(a)redhat.com&gt; Sent: Thursday, August 14, 2014 12:37:01 PM Subject: Re: [ovirt-users] Ovirt SSL Question Hi All, Is there any one can help me to solve this issue.. Thanks, Punit On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypunit(a)gmail.com > wrote: Hi All, I have one question regarding the SSL settings in Ovirt....let me explain my environment first :- 1. Ovirt engine :- mgmt.3linux.com 2. Standalone websocket proxy :- web-proxy.3linux.com 3. Our Own Portal :- portal.3linux.com We have the above architecture...we fetch the VM console from the websocket proxy to our own portal through API....because still we are using selfsigned certificate...we need to trust the certificate every time,whenever we open the VM console... (https://< web-proxy.3linux.com >:<port>) When we initiate the VM console through our own web portal the url ( https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-... ),if we accept the SSL certificate with https://< web-proxy.3linux.com >:<port> ....then it will open as expected but if we didn't accept the certificate manually...then it through failed to connect:1006 error... We don't want that every time end user will accept the certificate manually...as our link to open VM console is different then webproxy.... Now we want to replace the self signed certificate with valid SSL....can any one tell me where we need to put the certificates and how to generate the CSR for them and how many SSL we need to purchase to make this thing workable without accepting the certificate everytime....