[SOLVED] SPICE connection problems related to certificate

redtex

Renowned Member
Sep 13, 2012
28
1
68
Hi !!!
I have successfully installed wildcard certificate from K Software to Proxmox VE. No issues with Chrome, when i browsing to Proxmox VE web interface. But when I trying to connect to VM with Windows 64bit VirtViewer 2.0 - I have error message:
Code:
C:\temp>(remote-viewer.exe:1656): remote-viewer-DEBUG: No configuration file C:\Users\wadim\AppData\Local\virt-viewer\settings(remote-viewer.exe:1656): remote-viewer-DEBUG: fullscreen display 0: 0
(remote-viewer.exe:1656): remote-viewer-DEBUG: Opening display to 11.vv
(remote-viewer.exe:1656): remote-viewer-DEBUG: Guest (null) has a spice display
(remote-viewer.exe:1656): remote-viewer-DEBUG: After open connection callback fd=-1
(remote-viewer.exe:1656): remote-viewer-DEBUG: Opening connection to display at 11.vv
(remote-viewer.exe:1656): remote-viewer-DEBUG: New spice channel 000000000113BFA0 SpiceMainChannel 0
(remote-viewer.exe:1656): remote-viewer-DEBUG: notebook show status 0000000001133460
((null):1656): Spice-Warning **: ../../../spice-common/common/ssl_verify.c:429:openssl_verify: Error in certificate chain verification: unable to get
local issuer certificate (num=20:depth1:/C=US/ST=KY/L=Ashland/O=K Software/CN=K Software Certificate Authority (DV))


(remote-viewer.exe:1656): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)
(remote-viewer.exe:1656): remote-viewer-DEBUG: Disposing window 000000000115B0A0


(remote-viewer.exe:1656): remote-viewer-DEBUG: Set connect info: (null),(null),(null),-1,(null),(null),(null),0

I think, I have to put somewhere in Windows my pve-root-ca.crt. I've imported it - but no success.
Please, help !!!

Regards
Vadim.
 
Last edited:
I've re-issued certificate, completely followed this article http://pve.proxmox.com/wiki/HTTPSCer...eConfiguration and got the same:

Code:
c:\temp>"C:\Program Files\VirtViewer v2.0256\bin\remote-viewer.exe" 1.vv


c:\temp>((null):3104): Spice-Warning **: ../../../spice-common/common/ssl_verify.c:429:openssl_verify: Error in certific
ate chain verification: unable to get issuer certificate (num=2:depth2:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST
 Network/CN=USERTrust RSA Certification Authority)


(remote-viewer.exe:3104): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)

In web browser - there is no problems, https is ok.
 
Thread can be cloded - it's ok.
The solution: I merged all certificates - my wildcard, intermediate1, intermediate2, root ca - in one file /etc/pve/local/pve-ssl.pem
the /etc/pve/root-ca.pem contains intermediate1, intermediate2, root ca
 
Thread can be cloded - it's ok. The solution: I merged all certificates - my wildcard, intermediate1, intermediate2, root ca - in one file /etc/pve/local/pve-ssl.pem the /etc/pve/root-ca.pem contains intermediate1, intermediate2, root ca
Had the same issue, this fixed it, thanks! The wiki should be updated.
Code:
cat server.pem intermediate_certificate.pem intermediate_certificate2.pem ca.pem > /etc/pve/local/pve-ssl.pem
Code:
cat intermediate_certificate.pem intermediate_certificate2.pem ca.pem > /etc/pve/pve-root-ca.pem
 
Code:
cd /etc/letsencrypt/live/www.xxx.de/

wget -O lets-encrypt-r3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
wget -O isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem
cat lets-encrypt-r3.pem isrgrootx1.pem > pve-root-ca.pem

ssh proxmox-1 "cat >  /etc/pve/local/pve-ssl.pem" < /etc/letsencrypt/live/www.xxx.de/fullchain.pem
ssh proxmox-1 "cat > /etc/pve/local/pve-ssl.key" < /etc/letsencrypt/live/www.xxx.de/privkey.pem
ssh proxmox-1 "cat > /etc/pve/pve-root-ca.pem" < /etc/letsencrypt/live/www.xxx.de/pve-root-ca.pem
ssh proxmox-1 "systemctl restart pveproxy"
ssh proxmox-1 "systemctl restart pvedaemon"
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!