The certificates used in SPICE connections are stored on the VM hosts. By default they are at /etc/pki/vdsm/libvirt-spice, and configured by VDSM in /etc/libvirt/qemu.conf. Their default names are ca-cert.pem, server-cert.pem, and server-key.pem. Using openssl x509 -noout -text - in </path/to/cert-file> should show you the certificate's expiration info. Note: Don't try to change anything, it will be overwritten by VDSM on the next host update / reinstall. As for remote-viewer, if you run it manually from the console with "remote-viewer --debug </path/to/console.vv>" or "remote-viewer -- verbose </path/to/console.vv>" it will print log information about the connection it's trying to establish. -Patrick Hibbs On Wed, 2022-02-09 at 06:58 +0200, Gilboa Davara wrote:
On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov <hunter86_bg@yahoo.com> wrote:
I have no clue , but I would give vdsm.service a restart.
Thanks again for the prompt response. Tried that, restarted all services and the all the VMS, didn't work.
Any idea how I can verify the certificate information actually being used by qemu for the spice console? remote-viewer just fails, without giving any meaningful error message.
- Gilboa
Best Regards, Strahil Nikolov
On Tue, Feb 8, 2022 at 18:19, Gilboa Davara <gilboad@gmail.com> wrote: _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4...
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OG57VT2XGDTY2M...