[Users] ssl error using ovirt-shell in 3.3.1
Michael Pasternak
mpastern at redhat.com
Tue Nov 26 15:06:29 UTC 2013
On 11/26/2013 04:09 PM, Gianluca Cecchi wrote:
> Hello,
> based on RHEVM 3.2 and 3.3 beta docs I'm trying connection from ovirt cli.
> I have:
> engine on f19 + ovirt stable ovirt-engine-3.3.1-2.fc19.noarch
> client from where I run cli is f19 with
> ovirt-engine-sdk-python-3.3.0.7-1.fc19.noarch
> ovirt-engine-cli-3.3.0.5-1.fc19.noarch
>
> $ curl -o ovirt-f18engine.cer http://f18engine/ca.crt
>
> $ cat ~/.ovirtshellrc
> [cli]
> autoconnect = True
> autopage = True
> [ovirt-shell]
> username = "internal\\admin"
> timeout = None
> extended_prompt = False
> url = https://f18engine:443/api
> insecure = False
> filter = False
> session_timeout = None
> ca_file =
> dont_validate_cert_chain = False
> key_file = None
> password =
> cert_file = /home/gcecchi/ovirt-f18engine.cer
this is client side certificate key, you should be using "ca_file" for the host CA.
>
> cert_file seems not to work because I get
>
> $ ovirt-shell -c
> Password:
>
> error: server CA certificate file must be specified for SSL secured connection.
>
> I presume referring to
> https://bugzilla.redhat.com/show_bug.cgi?id=960983
> still in verified state
>
> $ ovirt-shell -c -A /home/gcecchi/ovirt-f18engine.cer
> Password:
>
> error: [Errno 336265225] _ssl.c:351: error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib
>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++
>
> Welcome to oVirt shell
>
> ++++++++++++++++++++++++++++++++++++++++++
>
>
> [oVirt shell (disconnected)]# exit
>
>
> If I change .ovirtshellrc contents with
> cert_file =
>
> and run
> $ ovirt-shell -c -A /home/gcecchi/ovirt-f18engine.cer
> Password:
>
> I get
> error: _ssl.c:291: Both the key & certificate files must be specified
>
> What I'm doing wrong?
>
> Gianluca
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--
Michael Pasternak
RedHat, ENG-Virtualization R&D
More information about the Users
mailing list