[Spice-devel] problems with intermediate certificates
Dietmar Maurer
dietmar at proxmox.com
Fri Aug 22 01:22:22 PDT 2014
I use the following certificate files:
# openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
/etc/pve/local/pve-ssl.pem: OK
I pass the content of /etc/pve/pve-root-ca.pem to virt-viewer:
[virt-viewer]
ca=-----BEGIN CERTIFICATE-----\nXXXXXXXXXX/Q=\n-----END CERTIFICATE-----\n
...
I also use above cert files when starting qemu, and remote-viewer works perfectly unless
we use intermediate CAs.
-----------------
# remote-viewer /tmp/scDvEiLJ
(/usr/bin/remote-viewer:363337): Spice-Warning **: ssl_verify.c:428:openssl_verify: openssl verify:num=20:unable to get local issuer certificate:depth=1:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
(remote-viewer:363337): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)
------------------------
I tried to append the intermediate cert to /etc/pve/pve-root-ca.pem and /etc/pve/local/pve-ssl.pem, but always
get the same error.
Any ideas?
More information about the Spice-devel
mailing list