[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] libvirt tls vnc



On Thu, Feb 26, 2009 at 01:29:09PM +0100, Michael Kress wrote:
> Daniel P. Berrange wrote:
> >>     * http://www.karlrunge.com/x11vnc/ssvnc.html  (effect as described)
> >>     
> >
> > To quote that page:
> >
> > "SSVNC also supports the VeNCrypt SSL/TLS extension to VNC (Unix and Mac OS X only.) "
> >
> > So you're out of luck with Windows
> >
> >   
> 
> 
> Ok, this is no drawback - at least I know that I shouldn't invest
> further energy in Windows.
> Then I'll give a try on linux and mail the results later.
> 
> Although, I tried the VeNCrypt Viewer v0.2.6 under windows (forgot to
> mention that) and had the following results / message boxes:
> VNC/Authentication [X509None]: certificate issuer unknown.
> VNC/Authentication [X509None]: certificate not trusted.
> VNC/Authentication [X509None]: hostname mismatch.
> VeNCrypt Viewer : Question: The connection closed unexpectedly. Do you
> wish to attempt to reconnect to 127.0.0.1:0?

This indicates a mismatch between the hostname you told it to connect
to, and the hostname in the server certificate. If the host name in
the server certificate is foo.example.com, you *must* tell the VNC
client to connect to foo.example.com:0 and *not* localhost, or 127.0.0.1
or any other IP address it may have. Also sounds like the client may 
be missing the CA certificate, since it shouldn't say 
'certificate issuer unknown' if you've pointed it to the CA cert file
correctly.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]