[ovirt-users] ovirt-shell
Juan Hernandez
jhernand at redhat.com
Fri Oct 3 13:43:14 UTC 2014
On 10/03/2014 02:45 PM, Koen Vanoppen wrote:
> Dear all,
>
> I wanted to connected to the ovirt-shell; But I get following error:
>
> The host name "ovirt.brusselsairport.aero
> <http://ovirt.brusselsairport.aero>" contained in the URL doesn't match
> any of the names in the server certificate.
>
This means that there is mismatch between the host name that you use and
the name contained in the certificate used by the engine web server.
This check is a typical security measure to avoid man in the middle
attacks when using SSL. I'd suggest you check the certificate of used by
the web server. In my environment, for example:
# grep '^SSLCertificateFile' /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
# openssl x509 -in /etc/pki/ovirt-engine/certs/apache.cer -subject
-noout
subject= /C=US/O=Example Inc./CN=ovirt.example.com
The relevant part here is the CN, it should match the name that you put
in the "url" parameter of the ovirt-shell.
If for whatever the reason you still want to connect using an incorrect
host name you can do so setting the "insecure" parameter to True.
> My config file:
> [cli]
> autoconnect = True
> autopage = True
> [ovirt-shell]
> username = admin
> timeout = 5
> extended_prompt = True
> url = https://ovirt.brusselsairport.aero/api
> insecure = False
> renew_session = False
> filter = False
> session_timeout = None
> ca_file = /root/ca.crt
> dont_validate_cert_chain = True
> key_file = None
> password = ******
> #cert_file = None
>
> Ideas?
>
> Kind regards,
>
> Koen
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
More information about the Users
mailing list