[Users] noVNC with intermediate certificates

Markus Stockhausen stockhausen at collogia.de
Sun Jan 12 18:54:05 UTC 2014


> Von: Alon Bar-Lev [alonbl at redhat.com]
> Gesendet: Samstag, 11. Januar 2014 19:56
> An: Markus Stockhausen
> Cc: ovirt-users
> Betreff: Re: [Users] noVNC with intermediate certificates
> 
> Hi,
> 
> Can you please try to specify
> 
> SSL_CERTIFICATE=xxx
> 
> where xx contains the complete certificate chain in reverse?
> 
> -----BEGIN CERTIFICATE-----
> ... (certificate for your server)...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> ... (the certificate for the CA)...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> ... (the root certificate for the CA's issuer)...
> -----END CERTIFICATE-----
> 
> Of course you need matching SSL_KEY.
> 
> Regards,
> Alon

The tests say:

The intermediate certificate is not really needed. The explanation
is quite simple. If you navigate to the admin page over https
the apache webserver presents the intermediate certificate. 
This is temporarily stored in the (Firefox) browser. When you 
open the noVNC console it is automatically trusted. 

BUT! You will still get a certificate warning if you navigate directly
to https://<server>:6100 after opening the browser.

Nevertheless your hint seems to help. I just added the
intermediate certificate to the standard file 
/etc/pki/ovirt-engine/certs/websocket-proxy.cer
and a direct connect to https://<server>:6100 gives
no warnings.

Thanks.

Markus
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140112/390dcf07/attachment-0001.txt>


More information about the Users mailing list