[Users] Specifying values for cert, key, and CA for ovirt-shell

Bob Doolittle bob at doolittle.us.com
Wed Jan 8 19:55:40 UTC 2014


On 01/08/2014 02:31 PM, Joop wrote:
> Bob Doolittle wrote:
>>
>> On 01/08/2014 02:17 PM, Joop wrote:
>>> Bob Doolittle wrote:
>>>> Hi,
>>>>
>>>> I want to run ovirt-shell directly (as root) on the Engine. 
>>>> Presumably all the files I need for CA, key, and cert are in the 
>>>> /etc/pki area.
>>>>
>>>> But when I use the attached .ovirtshellrc file I get:
>>>>
>>>> error: [Errno 336265218] _ssl.c:341: error:140B0002:SSL 
>>>> routines:SSL_CTX_use_PrivateKey_file:system lib
>>>>
>>>> How can I specify an appropriate configuration to get this working?
>>>> I would prefer to keep using SSL if possible.
>>> Just guessing but I don't think that your fqdn is localhost in your 
>>> certs. Use your fqdn for the url variable.
>>
>> Good thought. But now I am getting:
>>
>> error: [Errno 336265225] _ssl.c:341: error:140B0009:SSL 
>> routines:SSL_CTX_use_PrivateKey_file:PEM lib
>>
>> Some searching indicates that my keys and certs need to be in pem 
>> format, so maybe I have to convert them before use? Any tips on how 
>> to do that?
>>
> What happens if you leave out the ca_file/key_file/cert_file variables?
> I just played around with ovirt-shell and made a .ovirtshellrc file, 
> on the engine, and don't remember setting these and I could login and 
> run scripts
> Can't access my test environment right now so this is also a shot in 
> the dark.

That's what I tried first. I get:
error: server CA certificate file must be specified for SSL secured 
connection.

And if I don't specify https I get:
error: No response returned from server. If you're using HTTP protocol
against a SSL secured server, then try using HTTPS instead.

Thanks,
    Bob




More information about the Users mailing list