[Spice-devel] Where to put certificates for remote-viewer on windows

Fernando Lozano fernando at lozano.eti.br
Mon Aug 26 06:46:16 PDT 2013


Hi,

I downloaded the latest virt-viewer installer for windows from 
fedorahosted.org (0.5.7) and wish to use spice+tls to access VM consoles 
from a Fedora machine.  I know my certificates are properly configured 
on the server side because I can connect from another Fedora machine 
using both remote-viewer and virsh.

But on Windows it won't work. Virt-viewer was installed on the default 
location, so I guessed I had to put cacert.pem on:

"C:\Program Files (x86)\VirtViewer\etc\pki\CA"

and the client certificates on:

"C:\Program Files (x86)\VirtViewer\etc\pki\libvirt"

with the private key file on the "private" subdir.

When I try to connect to the host using virsh.exe included on 
viet-viewer install I get the error:

virsh # connect qemu://kvmserv/system
error: Failed to connect to the hypervisor
error: Cannot read CA certificate 
'/usr/i686-w64-mingw32/sys-root/mingw/etc/pki/
CA/cacert.pem': No such file or directory

virsh # connect qemu+tls://kvmserv/system
error: Failed to connect to the hypervisor
error: Cannot read CA certificate 
'/usr/i686-w64-mingw32/sys-root/mingw/etc/pki/
CA/cacert.pem': No such file or directory

kvmserv is resolvabe to the correct IP using ping on the windows 
machine, and it is the same hostname I use on the fedora machine to get 
a sucesfull connection.

I also tried some "obvious" alternatives to "C:\Program Files 
(x86)\VirtViewer\etc\pki" for the certificates like "C:\mingw\etc\pki" 
and "C:\usr\x86_64-w64-mingw32\sys-root\mingw\etc\pki", none worked.


Any ideas? Or to use remote-viewer / virsh from a Windows machine I need 
to allow insecure conections (no TLS) to the libvirtd and spice TCP ports?


[]s, Fernando Lozano



More information about the Spice-devel mailing list