[Spice-devel] virt viewer from windows to spice server with tls and certificate file problems (what uri?)

David Jaša djasa at redhat.com
Mon Nov 12 10:11:06 PST 2012 

Before reporting a bug, could we rule out misconfiguration possiblity
entirely?

1) do you use libvirt?
2) if so, do you use system session or per-user session?
3) could you look at qemu command line? If you use libvirt, you'll find it in /var/log/libvirt/qemu/VM_NAME.log
4) at the libvirt command file, is there '... -spice ...,x509-(dir|ca...|server),... ' entry?
5) if the x509 directive is x509-dir, does "qemu-kvm -spice tls-port=12345,x509-dir=DIR,disable-ticketing" command throw the same error?
   (the same goes for per-file x509 options)
6) if it is indeed a problem, is it permission issue or are the files empty or are they invalid?

(...)

David


Jodi Curtis píše v Po 12. 11. 2012 v 17:55 +0000:
> Hi
> 
> 
> I've used the directory correctly on qemu.conf, I've seen these
> problems relating to Red Hat/oVirt, where it wasn't set despite being
> set in qemu.conf, so I will probably file a bug report with Ubuntu on
> this one.
> 
> 
> The red-hat solution isn't valid for Ubuntu.
> 
> 
> Thanks
> 
> On Mon, Nov 12, 2012 at 5:49 PM, David Jaša <djasa at redhat.com> wrote:
>         Jodi Curtis píše v Po 12. 11. 2012 v 17:31 +0000:
>         > Hi
>         >
>         >
>         > Thanks, I found the method in the end, my current problem is
>         related
>         > to a problem with Ubuntu/SSL/Spice, so not really your
>         software, I
>         > have asked for help from a Linux admin, but its detailed
>         below for the
>         > record, I've gone through the key making proces twice, and
>         rebooted,
>         > obviously paths have been checked and qemu.conf has been set
>         as
>         > required
>         >
>         >
>         > ((null):2176): Spice-Warning **: reds.c:3307:reds_init_ssl:
>         Could not
>         > load certificates from server-cert.pem
>         > ((null):2176): Spice-Warning **: reds.c:3317:reds_init_ssl:
>         Could not
>         > use private key file
>         > ((null):2176): Spice-Warning **: reds.c:3325:reds_init_ssl:
>         Could not
>         > use CA file
>         
>         
>         Assuming that your cert/key files are correct and in place,
>         this looks
>         like incorrect x509-dir option of qemu cli or
>         spice_tls_x509_cert_dir
>         directive of /etc/libvirt/qemu.conf pointing to a wrong
>         directory. Just
>         a configuration issue.
>         
>         David
>         
>         >
>         >
>         > There is very little obvious on the internet, so am trying
>         to identify
>         > if its a common SSL or config problem, or if I should file a
>         bug
>         > report with Ubuntu kvm-spice
>         >
>         >
>         > Jodi
>         >
>         >
>         > On Mon, Nov 12, 2012 at 12:12 PM, David Jaša
>         <djasa at redhat.com> wrote:
>         >         Hi Jodi,
>         >
>         >         You can find full tls-enabled remote-viewer
>         invocation in this
>         >         oVirt
>         >         wiki page:
>         >
>         http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal
>         >
>         >         David
>         >
>         >
>         >         Jodi Curtis píše v Ne 11. 11. 2012 v 23:28 +0000:
>         >         > Hi
>         >         >
>         >         >
>         >         > I'm having trouble connecting to a spice server
>         with tls
>         >         enabled
>         >         > through virt-viewer on windows, I have tls
>         configured and a
>         >         > ca-cert.pem file, but I don't know where to put
>         it, or what
>         >         to use
>         >         >
>         >         >
>         >         > I have tried various combinations of
>         >         spice://192.168.2.140:590x
>         >         >
>         >         >
>         >         > I have tried adding +ssh or +tls, I have tried
>         adding the
>         >         ca-cert.pem
>         >         > file to the location used by the spicec page that
>         covers how
>         >         to set up
>         >         > tls, and I have tried adding my username before
>         the IP.
>         >         >
>         >         > I have tried connecting to both ports.
>         >         >
>         >         >
>         >         > Any help on what it should be, or if there is an
>         alternative
>         >         to
>         >         > virt-viewer on windows that I need to use for the
>         secure
>         >         connection.
>         >         >
>         >         >
>         >         > Thanks
>         >
>         >         > _______________________________________________
>         >         > Spice-devel mailing list
>         >         > Spice-devel at lists.freedesktop.org
>         >         >
>         http://lists.freedesktop.org/mailman/listinfo/spice-devel
>         >
>         >         --
>         >
>         >         David Jaša, RHCE
>         >
>         >         SPICE QE based in Brno
>         >         GPG Key:     22C33E24
>         >         Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00
>         22C3 3E24
>         >
>         >
>         >
>         >
>         >
>         > _______________________________________________
>         > Spice-devel mailing list
>         > Spice-devel at lists.freedesktop.org
>         > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>         
>         --
>         
>         David Jaša, RHCE
>         
>         SPICE QE based in Brno
>         GPG Key:     22C33E24
>         Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>         
>         
>         
>         
> 
> 

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key:     22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

More information about the Spice-devel mailing list