> On 23 Dec 2015, at 13:18, Kristof VAN DEN EYNDEN > <kristof.vandeneyn...@politiewestkust.be> wrote: > > I was trying to get Spice or VNC to work on Firefox. After activating the > ovirt-websocket-proxy settings (using this guide > https://access.redhat.com/solutions/718653) > > I kept on getting error - Server disconnected (code: 1006). This pointed me > to other posts stating it was a certificate issue. After doing some research > I found post: https://bugzilla.redhat.com/show_bug.cgi?id=1098574 > > So I started tracing the messages: grep -i 'websocket.*trace' > /var/log/messages > > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,314 ovirt-websocket-proxy: INFO > msg:824 Got SIGTERM, exiting > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,314 ovirt-websocket-proxy: INFO > msg:824 In exit > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,514 ovirt-websocket-proxy: INFO > msg:824 WebSocket server settings: > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,515 ovirt-websocket-proxy: INFO > msg:824 - Listen on *:6100 > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,515 ovirt-websocket-proxy: INFO > msg:824 - Flash security policy server > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,515 ovirt-websocket-proxy: INFO > msg:824 - SSL/TLS support > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,515 ovirt-websocket-proxy: INFO > msg:824 - Deny non-SSL/TLS connections > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,515 ovirt-websocket-proxy: INFO > msg:824 - Recording to '/tmp/websocketproxy_trace.log.*' > Dec 23 13:47:07 ovirt36 2015-12-23 13:47:07,519 ovirt-websocket-proxy: INFO > msg:824 - proxying from *:6100 to targets in /dummy > Dec 23 13:47:19 ovirt36 2015-12-23 13:47:19,543 ovirt-websocket-proxy: INFO > msg:824 handler exception: [Errno 1] _ssl.c:1390: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate > Dec 23 13:48:12 ovirt36 2015-12-23 13:48:12,328 ovirt-websocket-proxy: INFO > msg:824 handler exception: [Errno 1] _ssl.c:1390: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate > Dec 23 13:49:49 ovirt36 2015-12-23 13:49:49,420 ovirt-websocket-proxy: INFO > msg:824 handler exception: [Errno 1] _ssl.c:1390: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate > Dec 23 13:55:36 ovirt36 2015-12-23 13:55:36,114 ovirt-websocket-proxy: INFO > msg:824 handler exception: [Errno 1] _ssl.c:1390: error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca > Dec 23 13:56:40 ovirt36 2015-12-23 13:56:40,201 ovirt-websocket-proxy: INFO > msg:824 handler exception: [Errno 1] _ssl.c:1390: error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca > > So I added the certificate by surfing to https://(ovirt)/ca.crt > which gives following box in firefox : > > > > So I assume it would be OK now? Nevertheless it still doesn’t work! > /var/log/messages still shows the same error? On another post I found that > someone surfed to https://(ovirt):6100 and accepted the certificiate there. > So I did the same thing which solved my problem immediately. > > I don’t quite understand the issue, feels like the CA is not getting > authorized or the 2 certificates do not belong to the same CA ?
Indeed it looks like two different CAs. Can you please check whether they are the same or not? How did you install the websocket proxy, together at the same time as you installed engine or later? Was it an upgrade from 3.5? Note you need the proxy only for web-based clients, remote-viewer (or custom vnc viewer) doesn't need any Thanks, michal > > I can continue like this, but I feel it should be easier to complete? > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
