[SOLVED] SPICE connection problems related to certificate

redtex

Hi!
I have successfully installed a wildcard certificate from K Software on Proxmox VE. No issues with Chrome when I browse to the Proxmox VE web interface. But when I try to connect to a VM with Windows 64-bit VirtViewer 2.0, I get an error message:
Code:
C:\temp>(remote-viewer.exe:1656): remote-viewer-DEBUG: No configuration file C:\Users\wadim\AppData\Local\virt-viewer\settings
(remote-viewer.exe:1656): remote-viewer-DEBUG: fullscreen display 0: 0
(remote-viewer.exe:1656): remote-viewer-DEBUG: Opening display to 11.vv
(remote-viewer.exe:1656): remote-viewer-DEBUG: Guest (null) has a spice display
(remote-viewer.exe:1656): remote-viewer-DEBUG: After open connection callback fd=-1
(remote-viewer.exe:1656): remote-viewer-DEBUG: Opening connection to display at 11.vv
(remote-viewer.exe:1656): remote-viewer-DEBUG: New spice channel 000000000113BFA0 SpiceMainChannel 0
(remote-viewer.exe:1656): remote-viewer-DEBUG: notebook show status 0000000001133460
((null):1656): Spice-Warning **: ../../../spice-common/common/ssl_verify.c:429:openssl_verify: Error in certificate chain verification: unable to get local issuer certificate (num=20:depth1:/C=US/ST=KY/L=Ashland/O=K Software/CN=K Software Certificate Authority (DV))


(remote-viewer.exe:1656): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)
(remote-viewer.exe:1656): remote-viewer-DEBUG: Disposing window 000000000115B0A0


(remote-viewer.exe:1656): remote-viewer-DEBUG: Set connect info: (null),(null),(null),-1,(null),(null),(null),0

I think I have to put my pve-root-ca.crt somewhere in Windows. I've imported it, but no success.
Please help!

Regards
Vadim.
 
I've re-issued the certificate, following this article completely (http://pve.proxmox.com/wiki/HTTPSCer...eConfiguration), and got the same:

Code:
c:\temp>"C:\Program Files\VirtViewer v2.0256\bin\remote-viewer.exe" 1.vv


c:\temp>((null):3104): Spice-Warning **: ../../../spice-common/common/ssl_verify.c:429:openssl_verify: Error in certificate chain verification: unable to get issuer certificate (num=2:depth2:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority)


(remote-viewer.exe:3104): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)

In the web browser there are no problems, HTTPS is OK.
 
Thread can be closed - it's OK.
The solution: I merged all certificates (my wildcard, intermediate1, intermediate2, root CA) into one file, /etc/pve/local/pve-ssl.pem.
The /etc/pve/root-ca.pem contains intermediate1, intermediate2, root CA.
 
Thread can be closed - it's OK. The solution: I merged all certificates (my wildcard, intermediate1, intermediate2, root CA) into one file, /etc/pve/local/pve-ssl.pem. The /etc/pve/root-ca.pem contains intermediate1, intermediate2, root CA.
Had the same issue, this fixed it, thanks! The wiki should be updated.
Code:
cat server.pem intermediate_certificate.pem intermediate_certificate2.pem ca.pem > /etc/pve/local/pve-ssl.pem
Code:
cat intermediate_certificate.pem intermediate_certificate2.pem ca.pem > /etc/pve/pve-root-ca.pem
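
A check for the merged bundle layout described in the solution above, added here as an example and not taken from any post in this thread: it confirms that each certificate in a PEM bundle is issued by the one after it and that the last one is a self-signed root. The function name `check_chain_order` is an assumption of this example; it compares issuer and subject name hashes with `openssl x509` and does not verify signatures.

```shell
#!/bin/sh
# Added example, not from the thread. Name chaining only: signatures,
# validity dates and trust in the root are not checked.
# Usage: check_chain_order /etc/pve/local/pve-ssl.pem
# Returns 0 if the chain is ordered and complete, 1 on a gap, 2 if empty.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert-1.pem, cert-2.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    if [ ! -f "$tmp/cert-1.pem" ]; then
        echo "no certificates found in $bundle"
        rm -rf "$tmp"
        return 2
    fi
    i=1
    rc=0
    while [ -f "$tmp/cert-$i.pem" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
        if [ -f "$tmp/cert-$next.pem" ]; then
            # Every certificate but the last must be issued by the one after it.
            expected=$(openssl x509 -in "$tmp/cert-$next.pem" -noout -subject_hash)
            what="is not issued by certificate $next (missing or misordered intermediate)"
        else
            # The last certificate must be a self-signed root.
            expected=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -subject_hash)
            what="is last but not self-signed (root CA missing from bundle)"
        fi
        if [ "$issuer" != "$expected" ]; then
            echo "certificate $i $what"
            rc=1
            break
        fi
        i=$next
    done
    rm -rf "$tmp"
    return $rc
}
```

Certificates are numbered in the order they appear in the file, so certificate 1 is the server certificate in the layout from the solution post.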
 
Code:
cd /etc/letsencrypt/live/www.xxx.de/

# Download the Let's Encrypt R3 intermediate and the ISRG Root X1 root certificate
wget -O lets-encrypt-r3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
wget -O isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem
# Build the CA bundle: intermediate first, then root
cat lets-encrypt-r3.pem isrgrootx1.pem > pve-root-ca.pem

# Copy the full chain, the private key and the CA bundle to the Proxmox node
ssh proxmox-1 "cat >  /etc/pve/local/pve-ssl.pem" < /etc/letsencrypt/live/www.xxx.de/fullchain.pem
ssh proxmox-1 "cat > /etc/pve/local/pve-ssl.key" < /etc/letsencrypt/live/www.xxx.de/privkey.pem
ssh proxmox-1 "cat > /etc/pve/pve-root-ca.pem" < /etc/letsencrypt/live/www.xxx.de/pve-root-ca.pem
# Restart the Proxmox services so they load the new certificate files
ssh proxmox-1 "systemctl restart pveproxy"
ssh proxmox-1 "systemctl restart pvedaemon"