David David <dd432690(a)gmail.com> writes:
copied from qemu server all certs except "cacrl" to my
desktop-station
into /etc/pki/
This is not needed, the CA certificate is included in console.vv and no
other certificate should be needed.
but remote-viewer is still didn't work
The log looks like remote-viewer is attempting certificate
authentication rather than password authentication. Do you have
password in console.vv? It should look like:
[virt-viewer]
type=vnc
host=192.168.122.2
port=5900
password=fxLazJu6BUmL
# Password is valid for 120 seconds.
...
Regards,
Milan
2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer(a)redhat.com>:
> On Wed, Mar 25, 2020 at 12:45 PM David David <dd432690(a)gmail.com> wrote:
>>
>> ovirt 4.3.8.2-1.el7
>> gtk-vnc2-1.0.0-1.fc31.x86_64
>> remote-viewer version 8.0-3.fc31
>>
>> can't open vm console by remote-viewer
>> vm has vnc console protocol
>> when click on console button to connect to a vm, the remote-viewer
>> console disappear immediately
>>
>> remote-viewer debug in attachment
>
> You an issue with the certificates:
>
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238:
> ../src/vncconnection.c Set credential 2 libvirt
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Searching for certs in /etc/pki
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Searching for certs in /root/.pki
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Failed to find certificate CA/cacert.pem
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c No CA certificate provided, using GNUTLS global
> trust
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Failed to find certificate
> libvirt/private/clientkey.pem
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Failed to find certificate
> libvirt/clientcert.pem
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Waiting for missing credentials
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c Got all credentials
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
> ../src/vncconnection.c No CA certificate provided; trying the system
> trust store instead
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
> ../src/vncconnection.c Using the system trust store and CRL
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
> ../src/vncconnection.c No client cert or key provided
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
> ../src/vncconnection.c No CA revocation list provided
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241:
> ../src/vncconnection.c Handshake was blocking
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243:
> ../src/vncconnection.c Handshake was blocking
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251:
> ../src/vncconnection.c Handshake was blocking
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
> ../src/vncconnection.c Handshake done
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
> ../src/vncconnection.c Validating
> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301:
> ../src/vncconnection.c Error: The certificate is not trusted
>
> Adding people that may know more about this.
>
> Nir
>
>