----- Original Message ----- > From: "Darrell Budic" <bu...@onholyground.com> > To: "Simone Tiraboschi" <stira...@redhat.com> > Cc: "users" <users@ovirt.org> > Sent: Friday, February 20, 2015 5:57:10 PM > Subject: Re: [ovirt-users] Unable to run noVNC console un recent browsers > > I had some trouble with self signed certs in firefox when they switch to the > new pkix stuff recently, have you tried setting > security.use_mozillapkix_verification to false?
The websocket proxy cert is not self-signed: it's normally signed by the internal oVirt CA. > > On Feb 20, 2015, at 8:56 AM, Simone Tiraboschi <stira...@redhat.com> wrote: > > > > > > > > ----- Original Message ----- > >> From: "Donny Davis" <do...@cloudspin.me> > >> To: "Simone Tiraboschi" <stira...@redhat.com> > >> Cc: users@ovirt.org > >> Sent: Friday, February 20, 2015 3:53:04 PM > >> Subject: RE: [ovirt-users] Unable to run noVNC console un recent browsers > >> > >> No, I made my life easy and used nginx to proxy for the websocket. I was > >> then > >> able to use my commercial ssl cert to avoid all of these issues. Using a > >> proxy for a proxy has been working out quite well for cloudspin, because I > >> don't have to mess with anything internal to the engine and noVNC works > >> without issue. > > > > Yes, using the oVirt internal CA is just the low-profile out of the box > > solution. > > > >> DonnyD > >> > >> -----Original Message----- > >> From: Simone Tiraboschi [mailto:stira...@redhat.com] > >> Sent: Friday, February 20, 2015 7:03 AM > >> To: Donny Davis > >> Subject: Re: [ovirt-users] Unable to run noVNC console un recent browsers > >> > >> > >> > >> ----- Original Message ----- > >>> From: "Donny Davis" <do...@cloudspin.me> > >>> To: "Simone Tiraboschi" <stira...@redhat.com> > >>> Sent: Friday, February 20, 2015 2:23:56 PM > >>> Subject: RE: [ovirt-users] Unable to run noVNC console un recent > >>> browsers > >>> > >>> Is your websocket proxy on the same machine as your engine. I also get > >>> the CA error when the time it off. The proxy throws the error to > >>> /var/log/messages > >> > >> Hi Donny, > >> I'm using the proxy on the same machine where the engine runs. > >> No error till now no my side. > >> > >> I also trusted oVirt internal CA to sign other certs in my browser. Did > >> you? > >> You can find it at https://{engine}/ca.crt > >> > >> You should download it and add to the list of trusted certification > >> authorities in your browser. > >> > >>> -----Original Message----- > >>> From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On > >>> Behalf Of Simone Tiraboschi > >>> Sent: Friday, February 20, 2015 5:57 AM > >>> To: Stefano Danzi > >>> Cc: users@ovirt.org > >>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent > >>> browsers > >>> > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Stefano Danzi" <s.da...@hawai.it> > >>>> To: "Darrell Budic" <bu...@onholyground.com> > >>>> Cc: users@ovirt.org > >>>> Sent: Friday, February 20, 2015 9:07:51 AM > >>>> Subject: Re: [ovirt-users] Unable to run noVNC console un recent > >>>> browsers > >>>> > >>>> Hello! > >>>> Already done but this didn't help. > >>>> > >>>> I downloaded a portable version of Firefox 17 and noVNC work as > >>>> expected. > >>>> > >>>> Il 20/02/2015 5.18, Darrell Budic ha scritto: > >>>> > >>>> > >>>> > >>>> Try reimporting the ca.cert for noVNC by connecting directly to the > >>>> webproxy address at port 6100. Do this by trying to connect to a > >>>> console and then, once the 1006 error shows up, just strip off > >>>> everything after :6100/ . I've found that somewhere in or after 3.5, > >>>> restarting the webproxy causes it to generate its own new ca.cert > >>>> even > >>> through it shouldn't. > >>>> > >>>> -Darrell > >>>> > >>>> > >>>> > >>>> On Feb 19, 2015, at 4:09 PM, Stefano Danzi <s.da...@hawai.it> wrote: > >>>> > >>>> Hello, > >>>> > >>>> I can't make work noVNC console on recent browsers (Chrome 40, > >>>> Firefox > >>>> 35 and IE 11). > >>>> > >>>> The error that I have is already explained here: > >>>> https://forge.univention.org/bugzilla/show_bug.cgi?id=33587 I tried > >>>> to change websocket like suggested ( > >>>> http://errata.univention.de/ucs/3.2/31.html ) but this not helped. > >>> > >>> noVNC 0.5.1 should be soon released in EPEL6/EPEL7 as for [1]. > >>> noVNC 0.5.1 should also improve compatibility with recent browsers. > >>> > >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1193454#c3 > >>> > >>> > >>>> Someone know a workaround? > >>>> _______________________________________________ > >>>> Users mailing list Users@ovirt.org > >>>> http://lists.ovirt.org/mailman/listinfo/users > >>>> > >>>> > >>>> _______________________________________________ > >>>> Users mailing list > >>>> Users@ovirt.org > >>>> http://lists.ovirt.org/mailman/listinfo/users > >>>> > >>> _______________________________________________ > >>> Users mailing list > >>> Users@ovirt.org > >>> http://lists.ovirt.org/mailman/listinfo/users > >>> > >>> > >> > >> > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users