[Users] noVNC with intermediate certificates

------=_NextPartTM-000-1d072653-e875-4776-9205-da11a53cbe5b Content-Type: multipart/alternative; boundary="_000_12EF8D94C6F8734FB2FF37B9FBEDD173585BAE38EXCHANGEcollogi_" --_000_12EF8D94C6F8734FB2FF37B9FBEDD173585BAE38EXCHANGEcollogi_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, after configuring noVNC websocket proxy I would like to load an offically signed certificate into it. Otherwise I would always have to accept the self signed certificate on port 6100. See here: http://lists.ovirt.org/pipermail/users/2013-October/017108.html certificate but our generated certificates depend on intermediate certificates. Ah the moment I'm missing the option to load/advertise that intermediate certificate. # cat /ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=3D6100 SSL_CERTIFICATE=3D/etc/pki/ovirt-engine/certs/websocket-proxy.cer SSL_KEY=3D/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass FORCE_DATA_VERIFICATION=3DTrue CERT_FOR_DATA_VERIFICATION=3D/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=3DTrue In apache I usally go with: SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass SSLCertificateChainFile /etc/pki/ovirt-engine/certs/server-chain.crt Any tips? Markus --_000_12EF8D94C6F8734FB2FF37B9FBEDD173585BAE38EXCHANGEcollogi_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html dir=3D"ltr"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-= 1"> <style id=3D"owaParaStyle" type=3D"text/css">P {margin-top:0;margin-bottom:= 0;}</style> </head> <body ocsi=3D"0" fpstyle=3D"1"> <div style=3D"direction: ltr;font-family: Tahoma;color: #000000;font-size: = 10pt;">Hello,<br> <br> after configuring noVNC websocket proxy I would like to load<br> an offically signed certificate into it. Otherwise I would always<br> have to accept the self signed certificate on port 6100. See here:<br> <br> <a href=3D"http://lists.ovirt.org/pipermail/users/2013-October/017108.h... target=3D"_blank">http://lists.ovirt.org/pipermail/users/201... 08.html</a><br> <br> certificate but our generated certificates depend on intermediate<br> certificates. Ah the moment I'm missing the option to load/advertise <br> that intermediate certificate.<br> <br> # cat /ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf<br> PROXY_PORT=3D6100<br> SSL_CERTIFICATE=3D/etc/pki/ovirt-engine/certs/websocket-proxy.cer<br> SSL_KEY=3D/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass<br> FORCE_DATA_VERIFICATION=3DTrue<br> CERT_FOR_DATA_VERIFICATION=3D/etc/pki/ovirt-engine/certs/engine.cer<br> SSL_ONLY=3DTrue<br> <br> In apache I usally go with:<br> <br> SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer<br> SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass<br> SSLCertificateChainFile /etc/pki/ovirt-engine/certs/server-chain.crt <br> <br> Any tips?<br> <br> Markus<br> </div> </body> </html> --_000_12EF8D94C6F8734FB2FF37B9FBEDD173585BAE38EXCHANGEcollogi_-- ------=_NextPartTM-000-1d072653-e875-4776-9205-da11a53cbe5b Content-Type: text/plain; name="InterScan_Disclaimer.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="InterScan_Disclaimer.txt" **************************************************************************** Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Über das Internet versandte E-Mails können unter fremden Namen erstellt oder manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine rechtsverbindliche Willenserklärung. Collogia Unternehmensberatung AG Ubierring 11 D-50678 Köln Vorstand: Kadir Akin Dr. Michael Höhnerbach Vorsitzender des Aufsichtsrates: Hans Kristian Langva Registergericht: Amtsgericht Köln Registernummer: HRB 52 497 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. e-mails sent over the internet may have been written under a wrong name or been manipulated. That is why this message sent as an e-mail is not a legally binding declaration of intention. Collogia Unternehmensberatung AG Ubierring 11 D-50678 Köln executive board: Kadir Akin Dr. Michael Höhnerbach President of the supervisory board: Hans Kristian Langva Registry office: district court Cologne Register number: HRB 52 497 **************************************************************************** ------=_NextPartTM-000-1d072653-e875-4776-9205-da11a53cbe5b--