[Spice-devel] virt viewer from windows to spice server with tls and certificate file problems (what uri?)

David Jaša djasa at redhat.com
Mon Nov 12 09:49:48 PST 2012 

Jodi Curtis píše v Po 12. 11. 2012 v 17:31 +0000:
> Hi
> 
> 
> Thanks, I found the method in the end, my current problem is related
> to a problem with Ubuntu/SSL/Spice, so not really your software, I
> have asked for help from a Linux admin, but its detailed below for the
> record, I've gone through the key making proces twice, and rebooted,
> obviously paths have been checked and qemu.conf has been set as
> required
> 
> 
> ((null):2176): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not
> load certificates from server-cert.pem 
> ((null):2176): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not
> use private key file
> ((null):2176): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not
> use CA file

Assuming that your cert/key files are correct and in place, this looks
like incorrect x509-dir option of qemu cli or spice_tls_x509_cert_dir
directive of /etc/libvirt/qemu.conf pointing to a wrong directory. Just
a configuration issue.

David

> 
> 
> There is very little obvious on the internet, so am trying to identify
> if its a common SSL or config problem, or if I should file a bug
> report with Ubuntu kvm-spice
> 
> 
> Jodi
> 
> 
> On Mon, Nov 12, 2012 at 12:12 PM, David Jaša <djasa at redhat.com> wrote:
>         Hi Jodi,
>         
>         You can find full tls-enabled remote-viewer invocation in this
>         oVirt
>         wiki page:
>         http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal
>         
>         David
>         
>         
>         Jodi Curtis píše v Ne 11. 11. 2012 v 23:28 +0000:
>         > Hi
>         >
>         >
>         > I'm having trouble connecting to a spice server with tls
>         enabled
>         > through virt-viewer on windows, I have tls configured and a
>         > ca-cert.pem file, but I don't know where to put it, or what
>         to use
>         >
>         >
>         > I have tried various combinations of
>         spice://192.168.2.140:590x
>         >
>         >
>         > I have tried adding +ssh or +tls, I have tried adding the
>         ca-cert.pem
>         > file to the location used by the spicec page that covers how
>         to set up
>         > tls, and I have tried adding my username before the IP.
>         >
>         > I have tried connecting to both ports.
>         >
>         >
>         > Any help on what it should be, or if there is an alternative
>         to
>         > virt-viewer on windows that I need to use for the secure
>         connection.
>         >
>         >
>         > Thanks
>         
>         > _______________________________________________
>         > Spice-devel mailing list
>         > Spice-devel at lists.freedesktop.org
>         > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>         
>         --
>         
>         David Jaša, RHCE
>         
>         SPICE QE based in Brno
>         GPG Key:     22C33E24
>         Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>         
>         
>         
> 
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key:     22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

More information about the Spice-devel mailing list