[Users] spicec not connect | SSL Error

Sun Aug 5 21:30:47 UTC 2012

yes engine and kvm(qemu-kvm) installed  on same machine (vm-srv)

i change host-subject but..

# spicec -h vm-srv -p 5900 -s 5901 --host-subject "C=US, O=ICL,
CN=vm-srv" --secure-channels=all
Error: subject mismatch: #entries cert=2, input=3
Error: failed to connect w/SSL, ssl_error
error:00000001:lib(0):func(0):reason(1)
3079539240:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:s3_clnt.c:1063:
Warning: SSL Error:

2012/8/6 Itamar Heim <iheim at redhat.com>:
> On 08/06/2012 12:07 AM, Artem wrote:
>>
>> hmm... not sure if understood correctly...
>>
>> vm-srv this KVM host.. (server) and I connect from another machine to vm
>> on kvm.
>
>
> did you install the engine and kvm host on same machine?
>
>
>>
>> this subject name i get in .spicec/spice_truststore.pem
>
>
> yes, spice trusts the CA, but client needs to validate the target host
> certificate.
> (if you run engine and host on same machine, try:
> "C=US, O=ICL, CN=vm-srv"
> (assuming you added the host with hostname of vm-srv to engine. if you added
> it with fqdn or ip, use them under last CN)
>
>
>>
>> //////////////////////////////////
>> # cat .spicec/spice_truststore.pem
>> Certificate:
>>      Data:
>>          Version: 3 (0x2)
>>          Serial Number: 1 (0x1)
>>          Signature Algorithm: sha1WithRSAEncryption
>>          Issuer: C=US, O=ICL, CN=CA-vm-srv.15064
>>          Validity
>>              Not Before: Jul 28 03:42:06 2012
>>              Not After : Jul 26 23:42:07 2022 GMT
>>          Subject: C=US, O=ICL, CN=CA-vm-srv.15064
>>          Subject Public Key Info:
>>              Public Key Algorithm: rsaEncryption
>>                  Public-Key: (2048 bit)
>>                  Modulus:
>> ///////////////////////////////////////////
>>
>> 2012/8/6 Itamar Heim <iheim at redhat.com>:
>>>
>>> this looks like the subject name of the CA, not the host running the
>>> virtual
>>> machine?
>
>
>