[one-users] Sunstone noVNC with WSS support
Valentin Bud
valentin.bud at gmail.com
Fri Mar 7 08:37:26 PST 2014
Hello Wilma,
On Thu, Feb 6, 2014 at 6:20 PM, Wilma Hermann <wilma.hermann at gmail.com>wrote:
> There is a really easy fix for that: Get a real certificate from a real
> CA. You should not use self-signed certs for a production environment.
>
And why is that? Is Verisign's random number generator better than yours?
A real certificate from a real CA? I don't get that. Last time I checked,
my CA
looked pretty real to me, conforming with RFC 5280. And the certificates
from the
browser and VPNs issued by that CA are also real.
None of the RFCs I've read about PKI don't tell me that I SHOULD NOT use
self signed certs for production environments.
Your business's image could suffer from a self signed cert but that's
another
story. Technology is technology and it should work either way, be it self
signed
or not.
Best,
Valentin
> Greetings
> Wilma
>
>
> 2014-02-06 ML mail <mlnospam at yahoo.com>:
>
> This workaround fixes that problem yes but it is not a good workaround
>> especially if you want to offer opennebula to real customers. I hope
>> another better alternative can be found in the future but I am aware that
>> this is mostly a browser problem :|
>>
>> Regards
>> ML
>>
>>
>>
>> On Thursday, February 6, 2014 10:56 AM, Daniel Molina <
>> dmolina at opennebula.org> wrote:
>> Hi,
>>
>>
>> On 5 February 2014 16:58, ML mail <mlnospam at yahoo.com> wrote:
>>
>> Hello,
>>
>> I would like to use noVNC in Sunstone over an encrypted channel (WSS).
>> Therefore I have generated my own SSL key and certificate which I have
>> added to the sunstone-server.conf configuration. The problem is that this
>> does not work, when I start VNC from the Sunstone web interface I get the
>> following error message in novnc.log:
>>
>> SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>>
>> Does this mean I need an official SSL certificate?
>>
>>
>> Please, check if the solution proposed in this thread, fixes your problem
>>
>> http://lists.opennebula.org/pipermail/users-opennebula.org/2014-February/026405.html
>>
>> Cheers
>>
>>
>>
>> Regards
>>
>> ML
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>>
>> --
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - Flexible Enterprise Cloud Made Simple
>> www.OpenNebula.org <http://www.opennebula.org/> | dmolina at opennebula.org| @OpenNebula
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
--
Valentin Bud
http://databus.pro | valentin at databus.pro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140307/301b4a92/attachment-0002.htm>
More information about the Users
mailing list