[Users] Cannot connect to VM via browser if engine was not in /etc/hosts
Michal Skrivanek
mskrivan at redhat.com
Thu Aug 1 11:49:41 EDT 2013
On 24 Jun 2013, at 13:09, David Jaša <djasa at redhat.com> wrote:
> Hi,
>
> So you're connecting via User Portal but then it doesn't work? If it
> doesn't, either you hit a bug or you've tweaked some value that affects
> things...
>
> In general, TLS shouldn't pose a problem because:
> 1) ovirt sets up its own CA that issues certificates for the hosts
> 2) the CA certificate and respective host certificate subject are passed to the client
> 3) the client can verify the host using these information even in cases when connection IP/FQDN doesn't match CN in subject of server certificate
>
> The only condition that indeed breaks it should be display network
> address override _when migrating the VM_ (because then the connection
> data are passed via the host and libvirt doesn't allow to pass the
> arbitrary IP/FQDN yet)
>
> David
>
> PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)
No no, you just do that right after setenforce 0 and iptables -F and then it's all fine:-D
>
>
> Itamar Heim píše v Po 24. 06. 2013 v 08:55 +0300:
>> On 06/24/2013 03:10 AM, lofyer wrote:
>>> 于 2013/6/24 1:47, Itamar Heim 写道:
>>>> On 06/06/2013 11:51 AM, lof yer wrote:
>>>>> I connect https://192.168.1.111 and connect to the VM, then the
>>>>> remote-viewer shows up, but failed to show the VM desktop.
>>>>> Is it the https problem?
>>>>> Can I connect to the VM without modify /etc/hosts?
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>>
>>>> was this resolved? sounds like a certificate/dns issue?
>>> Yes, it's certificate/dns problem.
>>> But how can I connect via IP instead of FQDN without https?
>>
>> i guess it depends if you can tell spice client to not validate the ssl
>> certificate.
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
> --
>
> David Jaša, RHCE
>
> SPICE QE based in Brno
> GPG Key: 22C33E24
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list