[ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

Nicolás nicolas at devels.es
Sun Aug 14 07:23:42 UTC 2016


We have a pretty likely configuration, with just one additional option:

FORCE_DATA_VERIFICATION=False

If it doesn't work, make sure the SSL_CERTIFICATE has the full bundle of 
your certificate, including intermediate certs, not just the public 
certificate. Then make sure to restart the ovirt-websocket-proxy daemon 
(not ovirt-engine).

El 14/08/16 a las 06:59, aleksey.maksimov at it-kb.ru escribió:
> Hi Jiri.
> But your variant does not work, too
>
> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
> PROXY_PORT=6100
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
> SSL_ONLY=True
>
> Some error:
> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>
> any ideas how to trablshut problem?
>
> 14.08.2016, 01:53, "Jiri Belka" <jbelka at redhat.com>:
>> I have different files for those variables, maybe this is the case?
>>
>> Review again.
>>
>> j.
>>
>> ----- Original Message -----
>> From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>> To: "Jiri Belka" <jbelka at redhat.com>
>> Cc: "users" <users at ovirt.org>
>> Sent: Saturday, August 13, 2016 4:57:45 PM
>> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>
>> I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to:
>>
>> PROXY_PORT=6100
>> #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
>> #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
>> #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
>> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
>> SSL_ONLY=True
>>
>> ...and restart HostedEngine VM.
>> Problem still exists.
>>
>> 13.08.2016, 17:52, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>   It does not work for me. any ideas?
>>>
>>>   02.08.2016, 17:22, "Jiri Belka" <jbelka at redhat.com>:
>>>>    This works for me:
>>>>
>>>>    # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>>>    PROXY_PORT=6100
>>>>    SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>>>    SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>>>    SSL_ONLY=True
>>>>
>>>>    ----- Original Message -----
>>>>    From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>>>    To: "users" <users at ovirt.org>
>>>>    Sent: Monday, August 1, 2016 12:13:38 PM
>>>>    Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>>>
>>>>    Hello oVirt guru`s !
>>>>
>>>>    I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate"
>>>>    section in "oVirt Administration Guide"
>>>>    http://www.ovirt.org/documentation/admin-guide/administration-guide/
>>>>
>>>>    3 files have been replaced:
>>>>
>>>>    /etc/pki/ovirt-engine/certs/apache.cer
>>>>    /etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    /etc/pki/ovirt-engine/apache-ca.pem
>>>>
>>>>    Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output":
>>>>
>>>>    WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>>>
>>>>    Before replacing certificates SPICE HTML5 browser client works.
>>>>    Native SPICE client works fine.
>>>>
>>>>    Tell me what to do with SPICE HTML5 browser client?
>>>>    _______________________________________________
>>>>    Users mailing list
>>>>    Users at ovirt.org
>>>>    http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users




More information about the Users mailing list