David,<br><br>Thanks for the reply. I've tried adding --ca-file to the spicec command line but still receive the same error. Here is the command:<br><br>spicec -h localhost -p $PORT -s $SPORT --secure-channels all --host-subject "$HOSTSUBJECT" --ca-file ca-cert.pem -w $PASSWD<br>
<br>Same error:<br><br>Error: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)<br>140613653984512:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1063:<br>
Warning: SSL Error:<br><br><div class="gmail_quote">On Fri, Mar 23, 2012 at 6:06 AM, David Jaša <span dir="ltr"><<a href="mailto:djasa@redhat.com">djasa@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hi Anthony,<br>
<br>
Anthony James píše v Čt 22. 03. 2012 v 15:40 -0400:<br>
<div class="im">> I'm having problems connecting to a spice virtual machine using SSL.<br>
> I use the following command to connect:<br>
><br>
><br>
> spicec -h localhost -p $PORT -s $SPORT --secure-channels all<br>
> --host-subject "$HOSTSUBJECT" -w $PASSWD<br>
><br>
</div>You're missing --ca-file $CA_CERTIFICATE_FILE in your command line.<br>
<br>
David<br>
<div class="im HOEnZb">><br>
> The error I receive is:<br>
><br>
><br>
> Error: failed to connect w/SSL, ssl_error<br>
> error:00000001:lib(0):func(0):reason(1)<br>
> 139699632096512:error:14090086:SSL<br>
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify<br>
> failed:s3_clnt.c:1063:<br>
> Warning: SSL Error:<br>
><br>
><br>
> I have followed the instructions from the following 2 sites to<br>
> configure the SSL certs:<br>
><br>
><br>
> <a href="http://www.spice-space.org/page/SSLConnection" target="_blank">http://www.spice-space.org/page/SSLConnection</a><br>
><br>
><br>
> <a href="http://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Manually_set_spice_listening_port_with_TLS_port_set&oldid=255162" target="_blank">http://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Manually_set_spice_listening_port_with_TLS_port_set&oldid=255162</a><br>
><br>
><br>
> Any help would be greatly appreciated, I'm sure I'm missing something.<br>
><br>
><br>
> Thanks,<br>
> Tony<br>
</div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> Spice-devel mailing list<br>
> <a href="mailto:Spice-devel@lists.freedesktop.org">Spice-devel@lists.freedesktop.org</a><br>
> <a href="http://lists.freedesktop.org/mailman/listinfo/spice-devel" target="_blank">http://lists.freedesktop.org/mailman/listinfo/spice-devel</a><br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
<br>
David Jaša, RHCE<br>
<br>
SPICE QE based in Brno<br>
GPG Key: 22C33E24<br>
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24<br>
<br>
<br>
<br>
</font></span></blockquote></div><br>