Sun, 29 Mar 2020 at 10:47, David David <dd432690@gmail.com>:
I did as you said:
copied from engine /etc/ovirt-engine/ca.pem onto my desktop into /etc/pki/ca-trust/source/anchors and then ran update-ca-trust
it didn’t help, still the same errors


Fri, 27 Mar 2020 at 21:56, Strahil Nikolov <hunter86_bg@yahoo.com>:
On March 27, 2020 12:23:10 PM GMT+02:00, David David <dd432690@gmail.com> wrote:
>here is debug from opening console.vv by remote-viewer
>
>2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzamazal@redhat.com>:
>> David David <dd432690@gmail.com> writes:
>>
>>> yes i have
>>> console.vv attached
>>
>> It looks the same as mine.
>>
>> There is a difference in our logs, you have
>>
>>   Possible auth 19
>>
>> while I have
>>
>>   Possible auth 2
>>
>> So I still suspect a wrong authentication method is used, but I don't
>> have any idea why.
>>
>> Regards,
>> Milan
>>
>>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal@redhat.com>:
>>>> David David <dd432690@gmail.com> writes:
>>>>
>>>>> copied from qemu server all certs except "cacrl" to my desktop-station
>>>>> into /etc/pki/
>>>>
>>>> This is not needed, the CA certificate is included in console.vv and no
>>>> other certificate should be needed.
>>>>
>>>>> but remote-viewer still didn't work
>>>>
>>>> The log looks like remote-viewer is attempting certificate
>>>> authentication rather than password authentication.  Do you have
>>>> password in console.vv?  It should look like:
>>>>
>>>>   [virt-viewer]
>>>>   type=vnc
>>>>   host=192.168.122.2
>>>>   port=5900
>>>>   password=fxLazJu6BUmL
>>>>   # Password is valid for 120 seconds.
>>>>   ...
>>>>
>>>> Regards,
>>>> Milan
>>>>
>>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer@redhat.com>:
>>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David <dd432690@gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> ovirt 4.3.8.2-1.el7
>>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64
>>>>>>> remote-viewer version 8.0-3.fc31
>>>>>>>
>>>>>>> can't open vm console by remote-viewer
>>>>>>> vm has vnc console protocol
>>>>>>> when I click on the console button to connect to a vm, the remote-viewer
>>>>>>> console disappears immediately
>>>>>>>
>>>>>>> remote-viewer debug in attachment
>>>>>>
>>>>>> You have an issue with the certificates:
>>>>>>
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238: ../src/vncconnection.c Set credential 2 libvirt
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /etc/pki
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Searching for certs in /root/.pki
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacert.pem
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided, using GNUTLS global trust
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate CA/cacrl.pem
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/private/clientkey.pem
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Failed to find certificate libvirt/clientcert.pem
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Waiting for missing credentials
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c Got all credentials
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239: ../src/vncconnection.c No CA certificate provided; trying the system trust store instead
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c Using the system trust store and CRL
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No client cert or key provided
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240: ../src/vncconnection.c No CA revocation list provided
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241: ../src/vncconnection.c Handshake was blocking
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243: ../src/vncconnection.c Handshake was blocking
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251: ../src/vncconnection.c Handshake was blocking
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Handshake done
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298: ../src/vncconnection.c Validating
>>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301: ../src/vncconnection.c Error: The certificate is not trusted
>>>>>>
>>>>>> Adding people that may know more about this.
>>>>>>
>>>>>> Nir
>>>>>>
>>>>>>
>>>>
>>>>
>>
>>

Hello,

You can try to take the engine's CA (maybe it's useless) and put it on your system in:
/etc/pki/ca-trust/source/anchors (if it's EL7 or a Fedora) and then run update-ca-trust

Best Regards,
Strahil Nikolov
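
Added example, not part of the thread or of any poster's message: a small triage script for the gtk-vnc debug output quoted above, reporting which RFB security type the server offered ("Possible auth 19" vs "Possible auth 2"), which CA source the client fell back to, and whether validation failed. The type names come from the IANA RFB security-type registry, not from the thread; the function names and the timestamp on the "Possible auth" sample line are assumptions made for the example.

```python
import re

# Subset of the IANA RFB security-type registry (not stated in the thread).
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS",
                  19: "VeNCrypt", 20: "SASL"}
TLS_CAPABLE = {18, 19}  # types that can run a TLS handshake before password auth

# Constructed sample: messages taken from the thread, with the mail quoting
# and wrapping kept; the timestamp on the "Possible auth" line is made up.
SAMPLE_LOG = """\
>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.230:
>> ../src/vncconnection.c Possible auth 19
>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> ../src/vncconnection.c Failed to find certificate CA/cacert.pem
>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> ../src/vncconnection.c No CA certificate provided, using GNUTLS
>global
>> trust
>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301:
>> ../src/vncconnection.c Error: The certificate is not trusted
"""

def entries(log_text):
    """Strip '>' quoting and re-join entries wrapped by the mail client."""
    out = []
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if not line:
            continue
        if line.startswith("(") and "gtk-vnc-DEBUG" in line:
            out.append(line)          # start of a new debug entry
        elif out:
            out[-1] += " " + line     # continuation of the previous entry
    return out

def triage(log_text):
    """Report offered auth types, the CA source used and the validation result."""
    result = {"offered": [], "tls_capable": False, "ca_source": None, "trusted": None}
    for entry in entries(log_text):
        msg = entry.split("vncconnection.c ", 1)[-1]
        m = re.match(r"Possible auth (\d+)$", msg)
        if m:
            n = int(m.group(1))
            result["offered"].append(SECURITY_TYPES.get(n, f"unknown ({n})"))
            result["tls_capable"] |= n in TLS_CAPABLE
        elif msg.startswith("No CA certificate provided"):
            result["ca_source"] = "system trust store"
        elif msg == "Error: The certificate is not trusted":
            result["trusted"] = False
    return result
```

Calling `triage()` on the full `remote-viewer --debug` output gives a one-glance answer to whether the client is on a TLS-capable path and validating against the system trust store rather than a CA supplied with the connection.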