[ovirt-users] Unable to run noVNC console un recent browsers

Darrell Budic budic at onholyground.com
Fri Feb 20 16:57:10 UTC 2015 

I had some trouble with self signed certs in firefox when they switch to the new pkix stuff recently, have you tried setting security.use_mozillapkix_verification to false?


> On Feb 20, 2015, at 8:56 AM, Simone Tiraboschi <stirabos at redhat.com> wrote:
> 
> 
> 
> ----- Original Message -----
>> From: "Donny Davis" <donny at cloudspin.me>
>> To: "Simone Tiraboschi" <stirabos at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Friday, February 20, 2015 3:53:04 PM
>> Subject: RE: [ovirt-users] Unable to run noVNC console un recent browsers
>> 
>> No, I made my life easy and used nginx to proxy for the websocket. I was then
>> able to use my commercial ssl cert to avoid all of these issues. Using a
>> proxy for a proxy has been working out quite well for cloudspin, because I
>> don't have to mess with anything internal to the engine and noVNC works
>> without issue.
> 
> Yes, using the oVirt internal CA is just the low-profile out of the box solution.
> 
>> DonnyD
>> 
>> -----Original Message-----
>> From: Simone Tiraboschi [mailto:stirabos at redhat.com]
>> Sent: Friday, February 20, 2015 7:03 AM
>> To: Donny Davis
>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent browsers
>> 
>> 
>> 
>> ----- Original Message -----
>>> From: "Donny Davis" <donny at cloudspin.me>
>>> To: "Simone Tiraboschi" <stirabos at redhat.com>
>>> Sent: Friday, February 20, 2015 2:23:56 PM
>>> Subject: RE: [ovirt-users] Unable to run noVNC console un recent
>>> browsers
>>> 
>>> Is your websocket proxy on the same machine as your engine. I also get
>>> the CA error when the time it off. The proxy throws the error to
>>> /var/log/messages
>> 
>> Hi Donny,
>> I'm using the proxy on the same machine where the engine runs.
>> No error till now no my side.
>> 
>> I also trusted oVirt internal CA to sign other certs in my browser. Did you?
>> You can find it at https://{engine}/ca.crt
>> 
>> You should download it and add to the list of trusted certification
>> authorities in your browser.
>> 
>>> -----Original Message-----
>>> From: users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] On
>>> Behalf Of Simone Tiraboschi
>>> Sent: Friday, February 20, 2015 5:57 AM
>>> To: Stefano Danzi
>>> Cc: users at ovirt.org
>>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent
>>> browsers
>>> 
>>> 
>>> 
>>> ----- Original Message -----
>>>> From: "Stefano Danzi" <s.danzi at hawai.it>
>>>> To: "Darrell Budic" <budic at onholyground.com>
>>>> Cc: users at ovirt.org
>>>> Sent: Friday, February 20, 2015 9:07:51 AM
>>>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent
>>>> browsers
>>>> 
>>>> Hello!
>>>> Already done but this didn't help.
>>>> 
>>>> I downloaded a portable version of Firefox 17 and noVNC work as expected.
>>>> 
>>>> Il 20/02/2015 5.18, Darrell Budic ha scritto:
>>>> 
>>>> 
>>>> 
>>>> Try reimporting the ca.cert for noVNC by connecting directly to the
>>>> webproxy address at port 6100. Do this by trying to connect to a
>>>> console and then, once the 1006 error shows up, just strip off
>>>> everything after :6100/ . I've found that somewhere in or after 3.5,
>>>> restarting the webproxy causes it to generate its own new ca.cert
>>>> even
>>> through it shouldn't.
>>>> 
>>>>  -Darrell
>>>> 
>>>> 
>>>> 
>>>> On Feb 19, 2015, at 4:09 PM, Stefano Danzi <s.danzi at hawai.it> wrote:
>>>> 
>>>> Hello,
>>>> 
>>>> I can't make work noVNC console on recent browsers (Chrome 40,
>>>> Firefox
>>>> 35 and IE 11).
>>>> 
>>>> The error that I have is already explained here:
>>>> https://forge.univention.org/bugzilla/show_bug.cgi?id=33587 I tried
>>>> to change websocket like suggested (
>>>> http://errata.univention.de/ucs/3.2/31.html ) but this not helped.
>>> 
>>> noVNC 0.5.1 should be soon released in EPEL6/EPEL7 as for [1].
>>> noVNC 0.5.1 should also improve compatibility with recent browsers.
>>> 
>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1193454#c3
>>> 
>>> 
>>>> Someone know a workaround?
>>>> _______________________________________________
>>>> Users mailing list Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>> 
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>> 
>>> 
>> 
>> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list