[ovirt-users] Unable to run noVNC console on recent browsers

Simone Tiraboschi stirabos at redhat.com
Fri Feb 20 17:50:59 UTC 2015



----- Original Message -----
> From: "Darrell Budic" <budic at onholyground.com>
> To: "Simone Tiraboschi" <stirabos at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Friday, February 20, 2015 5:57:10 PM
> Subject: Re: [ovirt-users] Unable to run noVNC console un recent browsers
> 
> I had some trouble with self-signed certs in Firefox when they switched to the
> new pkix stuff recently, have you tried setting
> security.use_mozillapkix_verification to false?

The websocket proxy cert is not self-signed: it's normally signed by the internal oVirt CA. 

> > On Feb 20, 2015, at 8:56 AM, Simone Tiraboschi <stirabos at redhat.com> wrote:
> > 
> > 
> > 
> > ----- Original Message -----
> >> From: "Donny Davis" <donny at cloudspin.me>
> >> To: "Simone Tiraboschi" <stirabos at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Friday, February 20, 2015 3:53:04 PM
> >> Subject: RE: [ovirt-users] Unable to run noVNC console un recent browsers
> >> 
> >> No, I made my life easy and used nginx to proxy for the websocket. I was then
> >> able to use my commercial SSL cert to avoid all of these issues. Using a
> >> proxy for a proxy has been working out quite well for cloudspin, because I
> >> don't have to mess with anything internal to the engine and noVNC works
> >> without issue.
> > 
> > Yes, using the oVirt internal CA is just the low-profile out of the box
> > solution.
> > 
> >> DonnyD
> >> 
> >> -----Original Message-----
> >> From: Simone Tiraboschi [mailto:stirabos at redhat.com]
> >> Sent: Friday, February 20, 2015 7:03 AM
> >> To: Donny Davis
> >> Subject: Re: [ovirt-users] Unable to run noVNC console un recent browsers
> >> 
> >> 
> >> 
> >> ----- Original Message -----
> >>> From: "Donny Davis" <donny at cloudspin.me>
> >>> To: "Simone Tiraboschi" <stirabos at redhat.com>
> >>> Sent: Friday, February 20, 2015 2:23:56 PM
> >>> Subject: RE: [ovirt-users] Unable to run noVNC console un recent
> >>> browsers
> >>> 
> >>> Is your websocket proxy on the same machine as your engine? I also get
> >>> the CA error when the time is off. The proxy throws the error to
> >>> /var/log/messages
> >> 
> >> Hi Donny,
> >> I'm using the proxy on the same machine where the engine runs.
> >> No error till now on my side.
> >> 
> >> I also trusted oVirt internal CA to sign other certs in my browser. Did
> >> you?
> >> You can find it at https://{engine}/ca.crt
> >> 
> >> You should download it and add it to the list of trusted certification
> >> authorities in your browser.
> >> 
> >>> -----Original Message-----
> >>> From: users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] On
> >>> Behalf Of Simone Tiraboschi
> >>> Sent: Friday, February 20, 2015 5:57 AM
> >>> To: Stefano Danzi
> >>> Cc: users at ovirt.org
> >>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent
> >>> browsers
> >>> 
> >>> 
> >>> 
> >>> ----- Original Message -----
> >>>> From: "Stefano Danzi" <s.danzi at hawai.it>
> >>>> To: "Darrell Budic" <budic at onholyground.com>
> >>>> Cc: users at ovirt.org
> >>>> Sent: Friday, February 20, 2015 9:07:51 AM
> >>>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent
> >>>> browsers
> >>>> 
> >>>> Hello!
> >>>> Already done but this didn't help.
> >>>> 
> >>>> I downloaded a portable version of Firefox 17 and noVNC works as
> >>>> expected.
> >>>> 
> >>>> On 20/02/2015 5.18, Darrell Budic wrote:
> >>>> 
> >>>> 
> >>>> 
> >>>> Try reimporting the ca.cert for noVNC by connecting directly to the
> >>>> webproxy address at port 6100. Do this by trying to connect to a
> >>>> console and then, once the 1006 error shows up, just strip off
> >>>> everything after :6100/ . I've found that somewhere in or after 3.5,
> >>>> restarting the webproxy causes it to generate its own new ca.cert
> >>>> even though it shouldn't.
> >>>> 
> >>>>  -Darrell
> >>>> 
> >>>> 
> >>>> 
> >>>> On Feb 19, 2015, at 4:09 PM, Stefano Danzi <s.danzi at hawai.it> wrote:
> >>>> 
> >>>> Hello,
> >>>> 
> >>>> I can't make the noVNC console work on recent browsers (Chrome 40,
> >>>> Firefox 35 and IE 11).
> >>>> 
> >>>> The error that I have is already explained here:
> >>>> https://forge.univention.org/bugzilla/show_bug.cgi?id=33587
> >>>> I tried to change websocket like suggested
> >>>> ( http://errata.univention.de/ucs/3.2/31.html ) but this did not help.
> >>> 
> >>> noVNC 0.5.1 should soon be released in EPEL6/EPEL7 as per [1].
> >>> noVNC 0.5.1 should also improve compatibility with recent browsers.
> >>> 
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1193454#c3
> >>> 
> >>> 
> >>>> Does someone know a workaround?
> >>>> _______________________________________________
> >>>> Users mailing list Users at ovirt.org
> >>>> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
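
The thread names three possible reasons for the browser rejecting the websocket proxy certificate: the oVirt CA from https://{engine}/ca.crt is not trusted, the proxy is presenting a certificate from a different CA, or the clock is off. The script below is an added example, not part of the original messages or of oVirt, that tells these cases apart with `openssl verify`; the function names, file names and the assumption that the proxy runs on the engine host at port 6100 are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify why the websocket proxy
# certificate is rejected. Host, file and function names are assumptions.

# Download the engine CA published at https://{engine}/ca.crt.
# -k is needed because the CA is not trusted yet; compare the fingerprint
# printed by main() with the one on the engine host before trusting it.
fetch_ca() { curl -fsSk "https://$1/ca.crt" -o "$2"; }

# Save the leaf certificate presented on host:port (6100 in the thread).
fetch_proxy_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# check_proxy_cert CA.pem CERT.pem [EPOCH]
# Verifies CERT against CA as of EPOCH (default: this machine's clock) and
# prints one verdict: ok | not-yet-valid | expired | untrusted-issuer.
check_proxy_cert() {
    local ca="$1" cert="$2" now="${3:-$(date +%s)}" out
    if out=$(openssl verify -attime "$now" -CAfile "$ca" "$cert" 2>&1); then
        echo ok
        return 0
    fi
    case $out in
        *"not yet valid"*) echo not-yet-valid ;;    # local clock behind?
        *"has expired"*)   echo expired ;;          # clock ahead, or stale cert
        *)                 echo untrusted-issuer ;; # signed by a different CA
    esac
    return 1
}

main() {
    local engine="$1" port="${2:-6100}" tmp
    tmp=$(mktemp -d) || return 1
    fetch_ca "$engine" "$tmp/ca.pem" || return 1
    fetch_proxy_cert "$engine" "$port" "$tmp/proxy.pem" || return 1
    openssl x509 -in "$tmp/ca.pem" -noout -fingerprint -sha256
    openssl x509 -in "$tmp/proxy.pem" -noout -issuer -dates
    check_proxy_cert "$tmp/ca.pem" "$tmp/proxy.pem"
}

# Run only when an engine host is given: ./check.sh engine.example.test
if [ "$#" -ge 1 ]; then main "$@"; fi
```

An `untrusted-issuer` verdict matches the case described in the thread where the proxy presents a certificate that the downloaded engine CA did not sign; the two time verdicts point at the clock problem Donny mentions.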


