[Spice-devel] Where to put certificates for remote-viewer on windows
Fernando Lozano
fernando at lozano.eti.br
Mon Aug 26 06:46:16 PDT 2013
Hi,
I downloaded the latest virt-viewer installer for windows from
fedorahosted.org (0.5.7) and wish to use spice+tls to access VM consoles
from a Fedora machine. I know my certificates are properly configured
on the server side because I can connect from another Fedora machine
using both remote-viewer and virsh.
But on Windows it won't work. Virt-viewer was installed on the default
location, so I guessed I had to put cacert.pem on:
"C:\Program Files (x86)\VirtViewer\etc\pki\CA"
and the client certificates on:
"C:\Program Files (x86)\VirtViewer\etc\pki\libvirt"
with the private key file on the "private" subdir.
When I try to connect to the host using virsh.exe included on
viet-viewer install I get the error:
virsh # connect qemu://kvmserv/system
error: Failed to connect to the hypervisor
error: Cannot read CA certificate
'/usr/i686-w64-mingw32/sys-root/mingw/etc/pki/
CA/cacert.pem': No such file or directory
virsh # connect qemu+tls://kvmserv/system
error: Failed to connect to the hypervisor
error: Cannot read CA certificate
'/usr/i686-w64-mingw32/sys-root/mingw/etc/pki/
CA/cacert.pem': No such file or directory
kvmserv is resolvabe to the correct IP using ping on the windows
machine, and it is the same hostname I use on the fedora machine to get
a sucesfull connection.
I also tried some "obvious" alternatives to "C:\Program Files
(x86)\VirtViewer\etc\pki" for the certificates like "C:\mingw\etc\pki"
and "C:\usr\x86_64-w64-mingw32\sys-root\mingw\etc\pki", none worked.
Any ideas? Or to use remote-viewer / virsh from a Windows machine I need
to allow insecure conections (no TLS) to the libvirtd and spice TCP ports?
[]s, Fernando Lozano
More information about the Spice-devel
mailing list