[Spice-devel] [virt-tools-list] Where to put certificates for remote-viewer on windows [SOLVED, PARTIALLY]

Fernando Lozano fernando at lozano.eti.br
Tue Aug 27 17:36:50 PDT 2013


Hi Uri,
>> The CA certificate configured on the kvm host (saved as
>> "/etc/pki/CA/cacert.pem") has to be copied to
>> $HOME/.spicec/spice_trusstore.pem. A symbolic link also works fine.
>>
>> On Windows, you have to copy the CA cert "spice_trustore.pem" to
>> "C:\Users\<YourUser>\.spicec". Note Windows Explorer will refuse to
>> create a folder name starting with a dot, so you'll have to use the
>> Windows Command Prompt.
>>
>> Then you can use connection URLs like "spice://kvmhost?tls-port=5901"
>> and be assured you'll use only TLS connections to the spice display
>> (checked using netstat on both Linux server and Windows client).
>
> Thanks for sharing this.
> Another option is to use the command line option
> --spice-ca-file=<ca-cert-pem-file>

Yes, that's very nice when you work as a consultant and will connect to
guests from different customers.

Unfortunately the windows port won't accept --spice-ca-file. :-(

Is there a similar option for virsh and/or virt-viewer?


[]s, Fernando Lozano



More information about the Spice-devel mailing list