[Spice-devel] problems with intermediate certificates
Dietmar Maurer
dietmar at proxmox.com
Mon Aug 25 22:24:16 PDT 2014
> Also, do you account for intermediate CA in your setup? You have basically
> two options how to handle it:
>
> 1) "standard": server-cert.pem should contain the whole chain of certificates
> under root CA, e.g:
> * Int. CA 1
> * Int. CA 2
> * server cert
> you just cat them to the file in that order. You then add the root CA to the .vv
> file and things should work.
We have several user using such setup successfully. But it does not work with
my StartCom certificates - strange.
> 2) "custom": treat intermediate CA that actually signed the server cert as
> trusted root: use it in ca-cert.pem and pass it to remote-viewer.
> Given that you need to supply remote-viewer with a CA, this approach is less
> "wrong" than in different TLS use cases.
This also fails when using the "StartCom Class 2 Primary Intermediate Server CA".
So the question is if someone has a working setup using " StartCom Class 2 Primary Intermediate Server CA"
and spice?
More information about the Spice-devel
mailing list