Problem to use Spice in my config

A

ade05fr

New Member
Dec 23, 2023
4
0
1
Hi

its my first post and i am a novice in Proxmox.
I have made an installation of proxmox through a migration of debian 12 bookworm.
i have created my first VM and it works fine, when im trying to connect it through the console no problem everything is fine.
But as soon as i try to use remote viewer from gnome i have this error message

Code: 
guest@nucboxk8plus:~$ remote-viewer Downloads/pve-spice.vv

(remote-viewer:4021): Spice-WARNING **: 09:10:41.882: ../subprojects/spice-common/common/ssl_verify.c:480:openssl_verify: Error in server certificate verification: self-signed certificate (num=18:depth0:/CN=firstprox)

(remote-viewer:4021): GSpice-WARNING **: 09:10:41.882: main-1:0: SSL_connect: error:00000001:lib(0)::reason(1)

what is the problem ?
i have checked the key file and the pem file which seem ok for me. (folders /etc/pve/nodes/firstprox/pve-ssl.key and /etc/pve/nodes/firstprox/pve-ssl.pem)

thanks for your help
ade05fr
 
Welcome to the Proxmox Community Forum :)

Normally this should work out of the box. Please check the server's certificates in the CMD:
Code: 
openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
Is this ok?

But as soon as i try to use remote viewer from gnome i have this error message.
Click to expand...
What OS to you use for that?

And what version of the remote-viewer is installed?
Code: 
dpkg -l virt-viewer
remote-viewer --version
 
Here is the infos
Code: 
root@nucboxk8plus:~# openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
/etc/pve/local/pve-ssl.pem: OK

root@nucboxk8plus:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

root@nucboxk8plus:~# remote-viewer --version
remote-viewer version 11.0
root@nucboxk8plus:~# openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
/etc/pve/local/pve-ssl.pem: OK

root@nucboxk8plus:~# dpkg -l virt-viewer
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=====================================================
ii  virt-viewer    11.0-2       amd64        Displaying the graphical console of a virtual machine

if i try with virt-viewer instead of remote-viewer here is the output
Code: 
@nucboxk8plus:~/Downloads$ virt-viewer -v pve-spice.vv
Opening connection to libvirt with URI <null>
 
Last edited:
Everything is fine with the certificate on the server, and the version of the Virt Viewer is also up-to-date. Works for me with this setup.
Is there perhaps another layer between your client and the server, e.g. a firewall that performs SSL inspection?
Does it work with another client/workstation?

You could also try to store the CA certificate from Proxmox (/etc/pve/pve-root-ca.pem) on your local Debian and then try again. Copy it to

Code: 
/usr/local/share/ca-certificates
and update your local certificate store:
Code: 
update-ca-certificates
 
You must log in or register to reply here.
Top Bottom