[Users] noVNC with intermediate certificates
Markus Stockhausen
stockhausen at collogia.de
Sun Jan 12 13:54:05 EST 2014
> Von: Alon Bar-Lev [alonbl at redhat.com]
> Gesendet: Samstag, 11. Januar 2014 19:56
> An: Markus Stockhausen
> Cc: ovirt-users
> Betreff: Re: [Users] noVNC with intermediate certificates
>
> Hi,
>
> Can you please try to specify
>
> SSL_CERTIFICATE=xxx
>
> where xx contains the complete certificate chain in reverse?
>
> -----BEGIN CERTIFICATE-----
> ... (certificate for your server)...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> ... (the certificate for the CA)...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> ... (the root certificate for the CA's issuer)...
> -----END CERTIFICATE-----
>
> Of course you need matching SSL_KEY.
>
> Regards,
> Alon
The tests say:
The intermediate certificate is not really needed. The explanation
is quite simple. If you navigate to the admin page over https
the apache webserver presents the intermediate certificate.
This is temporarily stored in the (Firefox) browser. When you
open the noVNC console it is automatically trusted.
BUT! You will still get a certificate warning if you navigate directly
to https://<server>:6100 after opening the browser.
Nevertheless your hint seems to help. I just added the
intermediate certificate to the standard file
/etc/pki/ovirt-engine/certs/websocket-proxy.cer
and a direct connect to https://<server>:6100 gives
no warnings.
Thanks.
Markus
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140112/390dcf07/attachment.txt>
More information about the Users
mailing list