This is currently what I got: CONSOLE is the path to the console.vv file just downloaded. I have tested that logic with remote-viewer. So I know this is working at least. Now my goal is to get spice-web-client to work as well. However I am not understanding yet everything about the expectation of ovirt in regards to certificates, and authentication. Any insight is welcome awk 'NR == 19 ' $CONSOLE | sed 's/ca=//;s/\\n/\n/g' >$CAFILE port=$(grep '^tls-port=' $CONSOLE | cut -f2 -d=) host=$(head -10 $CONSOLE | grep '^host=' | cut -f2 -d=) user=$(grep '^host-subject=' $CONSOLE | cut -f2- -d=) password=$(grep '^password=' $CONSOLE | cut -f2- -d=) /var/www/websockify/run 5959 --cert=/etc/letsencrypt/live/xxx.xxxx.net/cert.pem --key=/etc/letsencrypt/live/xxx.xxxx.net/privkey.pem --ssl-only --verify-client --record /tmp/websockify.log --cafile=${CAFILE} --auth-plugin=ClientCertCNAuth --auth-source="${user} ${password}" ${host}:${port}