On Mon, Aug 25, 2014 at 04:09:56PM +, Dietmar Maurer wrote:
> > To make sure I understand, you start with a Root CA which I assume you
> > generated yourself and is self-signed?
>
> We use official certs from "StartCom Certification Authority" using
> " StartCom Class 2 Primary Intermediate
> Also, do you account for intermediate CA in your setup? You have basically
> two options how to handle it:
>
> 1) "standard": server-cert.pem should contain the whole chain of certificates
> under root CA, e.g:
> * Int. CA 1
> * Int. CA 2
> * server cert
> you just cat them to the fi
> To make sure I understand, you start with a Root CA which I assume you
> generated yourself and is self-signed?
We use official certs from "StartCom Certification Authority" using
" StartCom Class 2 Primary Intermediate Server CA" intermediate CA.
But we just observed that the same setup wor
Hi Dietmar,
do the certificate setup works for other TLS apps, such as web
server/browser or just simple openssl s_(server|client)?
Also, do you account for intermediate CA in your setup? You have
basically two options how to handle it:
1) "standard": server-cert.pem should contain the whole cha
Hey,
On Fri, Aug 22, 2014 at 08:22:22AM +, Dietmar Maurer wrote:
> I use the following certificate files:
>
> # openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
> /etc/pve/local/pve-ssl.pem: OK
>
> I pass the content of /etc/pve/pve-root-ca.pem to virt-viewer:
> [vi
> I think you must be able to "openssl verify" your file without specifying the
> CAfile, if you want Spice ssl checks to pass.
Sorry, but how should that work? For example:
# cat server.pem intermediate_certificate.pem ca.pem >mix.pem
So the file contains all needed certificates, but:
# openss
Hi Dietmar
- Original Message -
> I use the following certificate files:
>
> # openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
> /etc/pve/local/pve-ssl.pem: OK
>
> I pass the content of /etc/pve/pve-root-ca.pem to virt-viewer:
> [virt-viewer]
> ca=-BEGIN CE
I use the following certificate files:
# openssl verify -CAfile /etc/pve/pve-root-ca.pem /etc/pve/local/pve-ssl.pem
/etc/pve/local/pve-ssl.pem: OK
I pass the content of /etc/pve/pve-root-ca.pem to virt-viewer:
[virt-viewer]
ca=-BEGIN CERTIFICATE-\nXX/Q=\n-END CERTIFICATE-\