Re: [one-users] Sunstone noVNC with WSS support

2014-03-11 Thread Valentin Bud 
Hi Stefan,

On Tue, Mar 11, 2014 at 6:07 PM, Stefan Kooman  wrote:

> Quoting Valentin Bud (valentin@gmail.com):
> >
> > I totally agree with you about the user experience and for it is worth
> > investing
> > a few dollars. I guess I am just frustrated that TLS fails to provide
> peer
> > to peer
> > trust.
>
> So I guess it's time (for you) to deploy DANE [1,2]. You do need to have
> DNSSEC enabled for your domain ... and still have to trust the (root)
> dns servers  ... but that's already a big improvement if you ask me.
> Especially if you operate your own dnsservers and have control over the
> signing process.
>

You are absolutely right. We operate the DNS infrastructure and plan to
implement DNSSEC this year. We have a mix of public and private zones
and we are still researching the most simple way to get DNSSEC implemented.

Do you have any tips / recommandations for the above scenario?

Once I have DNSSEC up and running I will surely implement DANE :).


> [1]: https://tools.ietf.org/html/rfc6698
> [2]:
> http://www.internetsociety.org/deploy360/blog/2013/12/want-to-quickly-create-a-tlsa-record-for-dane-dnssec/
>
>
>
> --
> | BIT BV  http://www.bit.nl/Kamer van Koophandel 09090351
> | GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl


-- 
Valentin Bud
http://databus.pro | valen...@databus.pro
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-11 Thread Stefan Kooman 
Quoting Valentin Bud (valentin@gmail.com):
> 
> I totally agree with you about the user experience and for it is worth
> investing
> a few dollars. I guess I am just frustrated that TLS fails to provide peer
> to peer
> trust.

So I guess it's time (for you) to deploy DANE [1,2]. You do need to have
DNSSEC enabled for your domain ... and still have to trust the (root)
dns servers  ... but that's already a big improvement if you ask me.
Especially if you operate your own dnsservers and have control over the
signing process.

[1]: https://tools.ietf.org/html/rfc6698
[2]: 
http://www.internetsociety.org/deploy360/blog/2013/12/want-to-quickly-create-a-tlsa-record-for-dane-dnssec/



-- 
| BIT BV  http://www.bit.nl/Kamer van Koophandel 09090351
| GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-08 Thread Valentin Bud 
Hi Wilma,



On Fri, Mar 7, 2014 at 7:40 PM, Wilma Hermann wrote:

> Hi Valentin,
>
> > Last time I checked, my CA looked pretty real to me
> Admittedly, "real" might have been the wrong word. Probably "common"
> would have better described what I meant.
>
> > And why is that? Is Verisign's random number generator better than yours?
> No, but their root certificate is shipped with every common browser
> out there, even on mobile devices.
>

You are right. And so we put our trust in them.


>
> > None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
> > self signed certs for production environments.
> Fair enough, that's true. And when you have an environment where you
> can ensure that all users have your root certificate installed, then
> there's no downside of a private CA-infrastructure. But from ML's
> comments I assumed that this particular OpenNebula installation is to
> be opened to the public (or at least an audience where ML cannot make
> sure that the root certificate is trusted by default).
> If that assumption holds and you're not willing to spend a few dollars
> for an uninterrupted user-experience, then I question your business
> model...
>

I totally agree with you about the user experience and for it is worth
investing
a few dollars. I guess I am just frustrated that TLS fails to provide peer
to peer
trust.


Greetings,
Valentin


> Greetings
> Wilma
>
>
> 2014-03-07 17:37 GMT+01:00 Valentin Bud :
> >
> > Hello Wilma,
> >
> > On Thu, Feb 6, 2014 at 6:20 PM, Wilma Hermann 
> wrote:
> >>
> >> There is a really easy fix for that: Get a real certificate from a real
> CA. You should not use self-signed certs for a production environment.
> >
> >
> > And why is that? Is Verisign's random number generator better than yours?
> > A real certificate from a real CA? I don't get that. Last time I
> checked, my CA
> > looked pretty real to me, conforming with RFC 5280. And the certificates
> from the
> > browser and VPNs issued by that CA are also real.
> >
> > None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
> > self signed certs for production environments.
> >
> > Your business's image could suffer from a self signed cert but that's
> another
> > story. Technology is technology and it should work either way, be it
> self signed
> > or not.
> >
> > Best,
> > Valentin
> >
> >>
> >> Greetings
> >> Wilma
> >>
> >>
> >> 2014-02-06 ML mail :
> >>
> >>> This workaround fixes that problem yes but it is not a good workaround
> especially if you want to offer opennebula to real customers. I hope
> another better alternative can be found in the future but I am aware that
> this is mostly a browser problem :|
> >>>
> >>> Regards
> >>> ML
> >>>
> >>>
> >>>
> >>> On Thursday, February 6, 2014 10:56 AM, Daniel Molina <
> dmol...@opennebula.org> wrote:
> >>> Hi,
> >>>
> >>>
> >>> On 5 February 2014 16:58, ML mail  wrote:
> >>>
> >>> Hello,
> >>>
> >>> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
> Therefore I have generated my own SSL key and certificate which I have
> added to the sunstone-server.conf configuration. The problem is that this
> does not work, when I start VNC from the Sunstone web interface I get the
> following error message in novnc.log:
> >>>
> >>> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> >>>
> >>> Does this mean I need an official SSL certificate?
> >>>
> >>>
> >>> Please, check if the solution proposed in this thread, fixes your
> problem
> >>>
> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
> >>>
> >>> Cheers
> >>>
> >>>
> >>>
> >>> Regards
> >>>
> >>> ML
> >>>
> >>>
> >>> ___
> >>> Users mailing list
> >>> Users@lists.opennebula.org
> >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> --
> >>> Daniel Molina
> >>> Project Engineer
> >>> OpenNebula - Flexible Enterprise Cloud Made Simple
> >>> www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
> >>>
> >>>
> >>>
> >>> ___
> >>> Users mailing list
> >>> Users@lists.opennebula.org
> >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>>
> >>
> >>
> >> ___
> >> Users mailing list
> >> Users@lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
> >
> >
> >
> > --
> > Valentin Bud
> > http://databus.pro | valen...@databus.pro
>



-- 
Valentin Bud
http://databus.pro | valen...@databus.pro
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-07 Thread Wilma Hermann 
Hi Valentin,

> Last time I checked, my CA looked pretty real to me
Admittedly, "real" might have been the wrong word. Probably "common"
would have better described what I meant.

> And why is that? Is Verisign's random number generator better than yours?
No, but their root certificate is shipped with every common browser
out there, even on mobile devices.

> None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
> self signed certs for production environments.
Fair enough, that's true. And when you have an environment where you
can ensure that all users have your root certificate installed, then
there's no downside of a private CA-infrastructure. But from ML's
comments I assumed that this particular OpenNebula installation is to
be opened to the public (or at least an audience where ML cannot make
sure that the root certificate is trusted by default).
If that assumption holds and you're not willing to spend a few dollars
for an uninterrupted user-experience, then I question your business
model...

Greetings
Wilma


2014-03-07 17:37 GMT+01:00 Valentin Bud :
>
> Hello Wilma,
>
> On Thu, Feb 6, 2014 at 6:20 PM, Wilma Hermann  wrote:
>>
>> There is a really easy fix for that: Get a real certificate from a real CA. 
>> You should not use self-signed certs for a production environment.
>
>
> And why is that? Is Verisign's random number generator better than yours?
> A real certificate from a real CA? I don't get that. Last time I checked, my 
> CA
> looked pretty real to me, conforming with RFC 5280. And the certificates from 
> the
> browser and VPNs issued by that CA are also real.
>
> None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
> self signed certs for production environments.
>
> Your business's image could suffer from a self signed cert but that's another
> story. Technology is technology and it should work either way, be it self 
> signed
> or not.
>
> Best,
> Valentin
>
>>
>> Greetings
>> Wilma
>>
>>
>> 2014-02-06 ML mail :
>>
>>> This workaround fixes that problem yes but it is not a good workaround 
>>> especially if you want to offer opennebula to real customers. I hope 
>>> another better alternative can be found in the future but I am aware that 
>>> this is mostly a browser problem :|
>>>
>>> Regards
>>> ML
>>>
>>>
>>>
>>> On Thursday, February 6, 2014 10:56 AM, Daniel Molina 
>>>  wrote:
>>> Hi,
>>>
>>>
>>> On 5 February 2014 16:58, ML mail  wrote:
>>>
>>> Hello,
>>>
>>> I would like to use noVNC in Sunstone over an encrypted channel (WSS). 
>>> Therefore I have generated my own SSL key and certificate which I have 
>>> added to the sunstone-server.conf configuration. The problem is that this 
>>> does not work, when I start VNC from the Sunstone web interface I get the 
>>> following error message in novnc.log:
>>>
>>> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>>>
>>> Does this mean I need an official SSL certificate?
>>>
>>>
>>> Please, check if the solution proposed in this thread, fixes your problem
>>> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>>>
>>> Cheers
>>>
>>>
>>>
>>> Regards
>>>
>>> ML
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>>
>>>
>>> --
>>> --
>>> Daniel Molina
>>> Project Engineer
>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>> www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
>>>
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
> --
> Valentin Bud
> http://databus.pro | valen...@databus.pro
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-07 Thread Valentin Bud 
Hi,


On Thu, Feb 6, 2014 at 11:54 PM, ML mail  wrote:

> You are totally right, production needs a real cert...
>

I kindly disagree. People need education.

Best,
Valentin


>
> Regards,
> ML
>
>
>   On Thursday, February 6, 2014 5:20 PM, Wilma Hermann <
> wilma.herm...@gmail.com> wrote:
>   There is a really easy fix for that: Get a real certificate from a real
> CA. You should not use self-signed certs for a production environment.
>
> Greetings
> Wilma
>
>
> 2014-02-06 ML mail :
>
> This workaround fixes that problem yes but it is not a good workaround
> especially if you want to offer opennebula to real customers. I hope
> another better alternative can be found in the future but I am aware that
> this is mostly a browser problem :|
>
> Regards
> ML
>
>
>
>   On Thursday, February 6, 2014 10:56 AM, Daniel Molina <
> dmol...@opennebula.org> wrote:
>   Hi,
>
>
> On 5 February 2014 16:58, ML mail  wrote:
>
> Hello,
>
> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
> Therefore I have generated my own SSL key and certificate which I have
> added to the sunstone-server.conf configuration. The problem is that this
> does not work, when I start VNC from the Sunstone web interface I get the
> following error message in novnc.log:
>
> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> Does this mean I need an official SSL certificate?
>
>
> Please, check if the solution proposed in this thread, fixes your problem
>
> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>
> Cheers
>
>
>
> Regards
>
> ML
>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
>
>
> --
> --
> Daniel Molina
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org  | dmol...@opennebula.org| 
> @OpenNebula
>
>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
>
>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Valentin Bud
http://databus.pro | valen...@databus.pro
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-07 Thread Valentin Bud 
Hello Wilma,

On Thu, Feb 6, 2014 at 6:20 PM, Wilma Hermann wrote:

> There is a really easy fix for that: Get a real certificate from a real
> CA. You should not use self-signed certs for a production environment.
>

And why is that? Is Verisign's random number generator better than yours?
A real certificate from a real CA? I don't get that. Last time I checked,
my CA
looked pretty real to me, conforming with RFC 5280. And the certificates
from the
browser and VPNs issued by that CA are also real.

None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
self signed certs for production environments.

Your business's image could suffer from a self signed cert but that's
another
story. Technology is technology and it should work either way, be it self
signed
or not.

Best,
Valentin


> Greetings
> Wilma
>
>
> 2014-02-06 ML mail :
>
> This workaround fixes that problem yes but it is not a good workaround
>> especially if you want to offer opennebula to real customers. I hope
>> another better alternative can be found in the future but I am aware that
>> this is mostly a browser problem :|
>>
>> Regards
>> ML
>>
>>
>>
>>   On Thursday, February 6, 2014 10:56 AM, Daniel Molina <
>> dmol...@opennebula.org> wrote:
>>   Hi,
>>
>>
>> On 5 February 2014 16:58, ML mail  wrote:
>>
>> Hello,
>>
>> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
>> Therefore I have generated my own SSL key and certificate which I have
>> added to the sunstone-server.conf configuration. The problem is that this
>> does not work, when I start VNC from the Sunstone web interface I get the
>> following error message in novnc.log:
>>
>> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>>
>> Does this mean I need an official SSL certificate?
>>
>>
>> Please, check if the solution proposed in this thread, fixes your problem
>>
>> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>>
>> Cheers
>>
>>
>>
>> Regards
>>
>> ML
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>>
>> --
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - Flexible Enterprise Cloud Made Simple
>> www.OpenNebula.org  | dmol...@opennebula.org| 
>> @OpenNebula
>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Valentin Bud
http://databus.pro | valen...@databus.pro
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-03-06 Thread ML mail 
You are totally right, production needs a real cert... 


Regards,
ML




On Thursday, February 6, 2014 5:20 PM, Wilma Hermann  
wrote:
 
There is a really easy fix for that: Get a real certificate from a real CA. You 
should not use self-signed certs for a production environment.

Greetings
Wilma




2014-02-06 ML mail :

This workaround fixes that problem yes but it is not a good workaround 
especially if you want to offer opennebula to real customers. I hope another 
better alternative can be found in the future but I am aware that this is 
mostly a browser problem :|
>
>Regards
>ML
>
>
>
>
>
>
>On Thursday, February 6, 2014 10:56 AM, Daniel Molina  
>wrote:
> 
>Hi,
>
>
>
>On 5 February 2014 16:58, ML mail  wrote:
>
>Hello,
>>
>>I would like to use noVNC in Sunstone over an encrypted channel (WSS). 
>>Therefore I have generated my own SSL key and certificate which I have added 
>>to the sunstone-server.conf configuration. The problem is that this does not 
>>work, when I start VNC from the Sunstone web interface I get the following 
>>error message in novnc.log:
>>
>>SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>>
>>Does this mean I need an official SSL certificate?
>>
>
>
>Please, check if the solution proposed in this thread, fixes your problem
>http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>
>
>
>Cheers
> 
>
>>Regards
>>
>>ML
>>
>>___
>>Users mailing list
>>Users@lists.opennebula.org
>>http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
>
>-- 
>
>--
>Daniel Molina
>Project Engineer
>OpenNebula - Flexible Enterprise Cloud Made Simple
>www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
>
>
>___
>Users mailing list
>Users@lists.opennebula.org
>http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-02-06 Thread Wilma Hermann 
There is a really easy fix for that: Get a real certificate from a real CA.
You should not use self-signed certs for a production environment.

Greetings
Wilma


2014-02-06 ML mail :

> This workaround fixes that problem yes but it is not a good workaround
> especially if you want to offer opennebula to real customers. I hope
> another better alternative can be found in the future but I am aware that
> this is mostly a browser problem :|
>
> Regards
> ML
>
>
>
>   On Thursday, February 6, 2014 10:56 AM, Daniel Molina <
> dmol...@opennebula.org> wrote:
>  Hi,
>
>
> On 5 February 2014 16:58, ML mail  wrote:
>
> Hello,
>
> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
> Therefore I have generated my own SSL key and certificate which I have
> added to the sunstone-server.conf configuration. The problem is that this
> does not work, when I start VNC from the Sunstone web interface I get the
> following error message in novnc.log:
>
> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> Does this mean I need an official SSL certificate?
>
>
> Please, check if the solution proposed in this thread, fixes your problem
>
> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>
> Cheers
>
>
>
> Regards
>
> ML
>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
>
>
> --
> --
> Daniel Molina
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org  | dmol...@opennebula.org| 
> @OpenNebula
>
>
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-02-06 Thread ML mail 
This workaround fixes that problem yes but it is not a good workaround 
especially if you want to offer opennebula to real customers. I hope another 
better alternative can be found in the future but I am aware that this is 
mostly a browser problem :|

Regards
ML





On Thursday, February 6, 2014 10:56 AM, Daniel Molina  
wrote:
 
Hi,



On 5 February 2014 16:58, ML mail  wrote:

Hello,
>
>I would like to use noVNC in Sunstone over an encrypted channel (WSS). 
>Therefore I have generated my own SSL key and certificate which I have added 
>to the sunstone-server.conf configuration. The problem is that this does not 
>work, when I start VNC from the Sunstone web interface I get the following 
>error message in novnc.log:
>
>SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
>Does this mean I need an official SSL certificate?
>

Please, check if the solution proposed in this thread, fixes your problem
http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html


Cheers
 

>Regards
>ML
>
>___
>Users mailing list
>Users@lists.opennebula.org
>http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 

--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Sunstone noVNC with WSS support

2014-02-06 Thread Daniel Molina 
Hi,


On 5 February 2014 16:58, ML mail  wrote:

> Hello,
>
> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
> Therefore I have generated my own SSL key and certificate which I have
> added to the sunstone-server.conf configuration. The problem is that this
> does not work, when I start VNC from the Sunstone web interface I get the
> following error message in novnc.log:
>
> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> Does this mean I need an official SSL certificate?
>

Please, check if the solution proposed in this thread, fixes your problem
http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html

Cheers


>
> Regards
> ML
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] Sunstone noVNC with WSS support

2014-02-05 Thread ML mail 
Hello,

I would like to use noVNC in Sunstone over an encrypted channel (WSS). 
Therefore I have generated my own SSL key and certificate which I have added to 
the sunstone-server.conf configuration. The problem is that this does not work, 
when I start VNC from the Sunstone web interface I get the following error 
message in novnc.log:

SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Does this mean I need an official SSL certificate?

Regards
ML
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org