[one-users] Problem with Sunstone and x509 Auth

Georg georg at intelli-point.at
Mon Nov 21 03:15:56 PST 2011 

Hey!

I'm trying to get sunstone to work with x509 certificates but fail miserably

My configuration looks as follows:

 
Opennebula Version  3.0.0 compiled from source

 
Opennebula with passwords works as a charm and also with x509 on the CLI

 
What i'm trying to achieve is logging in from sunstone but i get a "

OpenNebula is not running" message.
 I already searched the newslist a bit and found a more detailed error after

using that fix
http://www.mail-archive.com/users@lists.opennebula.org/msg04410.html

 
 
The Error message is:

 Authentication failed. Username not found in certificate chain

 
 
 
I already checked the config for mistakes but because it's working on the CLI i don't think there's anything wrong with the certificates.

 
The sunstone configuration looks as following:

 
======================================

# OpenNebula sever contact information
:one_xmlrpc: http://localhost:2633/RPC2

# Server Configuration
:host: 127.0.0.1
:port: 9869

#:auth: basic
:auth: x509

# VNC Configuration
:vnc_proxy_base_port: 29876
:novnc_path: /srv/cloud/one/share/noVNC

 
======================================

 
 
For a secure web connection i use apache as proxy having following config

 
 
======================================

 
<VirtualHost *:443>
     DocumentRoot /var/www
     SSLEngine On
     SSLCertificateFile /etc/apache2/sslzert.pem
     SSLVerifyClient require
     SSLVerifyDepth 2
     SSLCACertificateFile /srv/cloud/one/certs/cacert.pem
      SSLOptions +StdEnvVars +ExportCertData

 

      ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /admin/ http://localhost:9869/
ProxyPassReverse /admin/ http://localhost:9869/
</VirtualHost>

 
 
My assumption is that there's something wrong with the apache/sunstone configuration, but i'm stuck at the moment

 
Any help would be aprecciated =)

 
Have a nice Day!

Georg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111121/99b1868b/attachment-0002.htm>

More information about the Users mailing list