[ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Mon Aug 15 12:18:48 EDT 2016


I tried a version of Nicolás. 
No success :((

1) I create full bundle cert file:

# cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer
# openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer

/etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK

2) I changed config file:

# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf

PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
SSL_ONLY=True
FORCE_DATA_VERIFICATION=False

3) I restarted the service

# service ovirt-websocket-proxy restart

Problem still exists :(
Any ideas how to trablshut problem?

14.08.2016, 08:59, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
> Hi Jiri.
> But your variant does not work, too
>
> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
> PROXY_PORT=6100
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
> SSL_ONLY=True
>
> Some error:
> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>
> any ideas how to trablshut problem?
>
> 14.08.2016, 01:53, "Jiri Belka" <jbelka at redhat.com>:
>>  I have different files for those variables, maybe this is the case?
>>
>>  Review again.
>>
>>  j.
>>
>>  ----- Original Message -----
>>  From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>  To: "Jiri Belka" <jbelka at redhat.com>
>>  Cc: "users" <users at ovirt.org>
>>  Sent: Saturday, August 13, 2016 4:57:45 PM
>>  Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>
>>  I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to:
>>
>>  PROXY_PORT=6100
>>  #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
>>  #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
>>  #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>  SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
>>  SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>  CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
>>  SSL_ONLY=True
>>
>>  ...and restart HostedEngine VM.
>>  Problem still exists.
>>
>>  13.08.2016, 17:52, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>   It does not work for me. any ideas?
>>>
>>>   02.08.2016, 17:22, "Jiri Belka" <jbelka at redhat.com>:
>>>>    This works for me:
>>>>
>>>>    # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>>>    PROXY_PORT=6100
>>>>    SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>>>    SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>>>    SSL_ONLY=True
>>>>
>>>>    ----- Original Message -----
>>>>    From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>>>    To: "users" <users at ovirt.org>
>>>>    Sent: Monday, August 1, 2016 12:13:38 PM
>>>>    Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>>>
>>>>    Hello oVirt guru`s !
>>>>
>>>>    I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate"
>>>>    section in "oVirt Administration Guide"
>>>>    http://www.ovirt.org/documentation/admin-guide/administration-guide/
>>>>
>>>>    3 files have been replaced:
>>>>
>>>>    /etc/pki/ovirt-engine/certs/apache.cer
>>>>    /etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    /etc/pki/ovirt-engine/apache-ca.pem
>>>>
>>>>    Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output":
>>>>
>>>>    WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>>>
>>>>    Before replacing certificates SPICE HTML5 browser client works.
>>>>    Native SPICE client works fine.
>>>>
>>>>    Tell me what to do with SPICE HTML5 browser client?
>>>>    _______________________________________________
>>>>    Users mailing list
>>>>    Users at ovirt.org
>>>>    http://lists.ovirt.org/mailman/listinfo/users


More information about the Users mailing list