[Users] noVNC with intermediate certificates
Markus Stockhausen
stockhausen at collogia.de
Fri Jan 10 20:47:09 UTC 2014
Hello,
after configuring noVNC websocket proxy I would like to load
an offically signed certificate into it. Otherwise I would always
have to accept the self signed certificate on port 6100. See here:
http://lists.ovirt.org/pipermail/users/2013-October/017108.html
>From the configuration file I know where to place the signed
certificate but our generated certificates depend on intermediate
certificates. Ah the moment I'm missing the option to load/advertise
that intermediate certificate.
# cat /ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
FORCE_DATA_VERIFICATION=True
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True
In apache I usally go with:
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass
SSLCertificateChainFile /etc/pki/ovirt-engine/certs/server-chain.crt
Any tips?
Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140110/37042383/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140110/37042383/attachment-0001.txt>
More information about the Users
mailing list