Hmm. that seems to be half the battle. I updated the filels in /etc/pki/vdsm/libvirt-spice, and the debug output from remote-viewer changes.. but its not entirely happy. (remote-viewer.exe:15808): Spice-WARNING **: 12:55:01.188: ../subprojects/spice-common/common/ssl_verify.c:444:openssl_verify: Error in certificate chain verification: unable to get issuer certificate (num=2:depth1:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2) (remote-viewer.exe:15808): GSpice-WARNING **: 12:55:01.189: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1) (remote-viewer.exe:15808): virt-viewer-DEBUG: 12:55:01.192: Destroy SPICE channel SpiceMainChannel 0 (remote-viewer.exe:15808): virt-viewer-DEBUG: 12:55:01.192: zap main channel I put the cert itself, in server-cert.pem I put the key in server-key.pem I put the bundle file from godaddy, which they call "gd_bundle-g2-g1", in "ca-cert.pem" but its still complaining about error in chain? Ive been updating a whoole bunch of SSL-requiring systems this month, and notice that one or two systems like a different order to the multiple-cert-CA stack. Does libvirt-spice require yet another, different stacking? Can you tell me what needs to be in each, and in what order, please? :-/