[ovirt-users] Ovirt SSL Question
Punit Dambiwal
hypunit at gmail.com
Fri Aug 15 01:48:13 UTC 2014
Hi Alon,
Thanks...but still the same question....for which FQDN i need to purchase
the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev <alonbl at redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Punit Dambiwal" <hypunit at gmail.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: users at ovirt.org, ahadas at redhat.com, "Sven Kieske" <
> S.Kieske at mittwald.de>, "Dan Kenigsberg" <danken at redhat.com>,
> > "Michal Skrivanek" <michal.skrivanek at redhat.com>, "Antoni Segura
> Puimedon" <asegurap at redhat.com>, "Frantisek Kobzik"
> > <fkobzik at redhat.com>, "Itamar Heim" <iheim at redhat.com>, "sabose" <
> sabose at redhat.com>, barumuga at redhat.com, "Simone
> > Tiraboschi" <stirabos at redhat.com>
> > Sent: Friday, August 15, 2014 4:43:31 AM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi Alon,
> >
> > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > ovirt-engine server....
> >
> > I am using websocket proxy as standalone....and fetch the vm console with
> > the help of API...and then it will display to the browser with our portal
> > url...
>
> this is conf.d structure, files are sorted by name, last wins.
> so instead of overriding files you can add your own.
>
> >
> > Thanks,
> > Punit
> >
> >
> > On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev <alonbl at redhat.com>
> wrote:
> >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Punit Dambiwal" <hypunit at gmail.com>
> > > > To: users at ovirt.org, ahadas at redhat.com, "Sven Kieske" <
> > > S.Kieske at mittwald.de>, "Dan Kenigsberg" <danken at redhat.com>,
> > > > "Michal Skrivanek" <michal.skrivanek at redhat.com>, "Antoni Segura
> > > Puimedon" <asegurap at redhat.com>, "Frantisek Kobzik"
> > > > <fkobzik at redhat.com>, "Itamar Heim" <iheim at redhat.com>, "sabose" <
> > > sabose at redhat.com>, barumuga at redhat.com, "Simone
> > > > Tiraboschi" <stirabos at redhat.com>
> > > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > >
> > > > Hi All,
> > > >
> > > > Is there any one can help me to solve this issue..
> > > >
> > > > Thanks,
> > > > Punit
> > > >
> > > >
> > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypunit at gmail.com
> >
> > > wrote:
> > > >
> > > >
> > > >
> > > > Hi All,
> > > >
> > > > I have one question regarding the SSL settings in Ovirt....let me
> > > explain my
> > > > environment first :-
> > > >
> > > > 1. Ovirt engine :- mgmt.3linux.com
> > > > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > > > 3. Our Own Portal :- portal.3linux.com
> > > >
> > > > We have the above architecture...we fetch the VM console from the
> > > websocket
> > > > proxy to our own portal through API....because still we are using
> > > selfsigned
> > > > certificate...we need to trust the certificate every time,whenever we
> > > open
> > > > the VM console... (https://< web-proxy.3linux.com >:<port>)
> > > >
> > > > When we initiate the VM console through our own web portal the url (
> > > >
> > >
> https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> > > > ),if we accept the SSL certificate with https://<
> web-proxy.3linux.com
> > > > >:<port> ....then it will open as expected but if we didn't accept
> the
> > > > certificate manually...then it through failed to connect:1006
> error...
> > > >
> > > > We don't want that every time end user will accept the certificate
> > > > manually...as our link to open VM console is different then
> webproxy....
> > > >
> > > > Now we want to replace the self signed certificate with valid
> SSL....can
> > > any
> > > > one tell me where we need to put the certificates and how to
> generate the
> > > > CSR for them and how many SSL we need to purchase to make this thing
> > > > workable without accepting the certificate everytime....
> > >
> > > Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> > > override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> chain
> > > and matching key.
> > >
> > > You can create the request in any tool you like, what we need is the
> > > certificate and key.
> > >
> > > Regards,
> > > Alon
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140815/a542bdec/attachment-0001.html>
More information about the Users
mailing list