[Users] ssl error using ovirt-shell in 3.3.1

[Michael Pasternak]

On 11/26/2013 04:09 PM, Gianluca Cecchi wrote:
> Hello,
> based on RHEVM 3.2 and 3.3 beta docs I'm trying connection from ovirt cli.
> I have:
> engine on f19 + ovirt stable ovirt-engine-3.3.1-2.fc19.noarch
> client from where I run cli is f19 with
> ovirt-engine-sdk-python-3.3.0.7-1.fc19.noarch
> ovirt-engine-cli-3.3.0.5-1.fc19.noarch
> 
> $ curl -o ovirt-f18engine.cer http://f18engine/ca.crt
> 
> $ cat ~/.ovirtshellrc
> [cli]
> autoconnect = True
> autopage = True
> [ovirt-shell]
> username = "internal\\admin"
> timeout = None
> extended_prompt = False
> url = https://f18engine:443/api
> insecure = False
> filter = False
> session_timeout = None
> ca_file =
> dont_validate_cert_chain = False
> key_file = None
> password =
> cert_file = /home/gcecchi/ovirt-f18engine.cer

this is client side certificate key, you should be using "ca_file" for the host CA.

> 
> cert_file seems not to work because I get
> 
> $ ovirt-shell -c
> Password:
> 
> error: server CA certificate file must be specified for SSL secured connection.
> 
> I presume referring to
> https://bugzilla.redhat.com/show_bug.cgi?id=960983
> still in verified state
> 
> $ ovirt-shell -c -A /home/gcecchi/ovirt-f18engine.cer
> Password:
> 
> error: [Errno 336265225] _ssl.c:351: error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib
> 
> 
> 
> 
>  ++++++++++++++++++++++++++++++++++++++++++
> 
>            Welcome to oVirt shell
> 
>  ++++++++++++++++++++++++++++++++++++++++++
> 
> 
> [oVirt shell (disconnected)]# exit
> 
> 
> If I change .ovirtshellrc contents with
> cert_file =
> 
> and run
> $ ovirt-shell -c -A /home/gcecchi/ovirt-f18engine.cer
> Password:
> 
> I get
> error: _ssl.c:291: Both the key & certificate files must be specified
> 
> What I'm doing wrong?
> 
> Gianluca
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 


-- 

Michael Pasternak
RedHat, ENG-Virtualization R&D