yes engine and kvm(qemu-kvm) installed on same machine (vm-srv) i change host-subject but.. # spicec -h vm-srv -p 5900 -s 5901 --host-subject "C=US, O=ICL, CN=vm-srv" --secure-channels=all Error: subject mismatch: #entries cert=2, input=3 Error: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1) 3079539240:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1063: Warning: SSL Error: 2012/8/6 Itamar Heim <iheim@redhat.com>:
On 08/06/2012 12:07 AM, Artem wrote:
hmm... not sure if understood correctly...
vm-srv this KVM host.. (server) and I connect from another machine to vm on kvm.
did you install the engine and kvm host on same machine?
this subject name i get in .spicec/spice_truststore.pem
yes, spice trusts the CA, but client needs to validate the target host certificate. (if you run engine and host on same machine, try: "C=US, O=ICL, CN=vm-srv" (assuming you added the host with hostname of vm-srv to engine. if you added it with fqdn or ip, use them under last CN)
////////////////////////////////// # cat .spicec/spice_truststore.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=ICL, CN=CA-vm-srv.15064 Validity Not Before: Jul 28 03:42:06 2012 Not After : Jul 26 23:42:07 2022 GMT Subject: C=US, O=ICL, CN=CA-vm-srv.15064 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: ///////////////////////////////////////////
2012/8/6 Itamar Heim <iheim@redhat.com>:
this looks like the subject name of the CA, not the host running the virtual machine?