Hi Uri, >> The CA certificate configured on the kvm host (saved as >> "/etc/pki/CA/cacert.pem") has to be copied to >> $HOME/.spicec/spice_trusstore.pem. A symbolic link also works fine. >> >> On Windows, you have to copy the CA cert "spice_trustore.pem" to >> "C:\Users\<YourUser>\.spicec". Note Windows Explorer will refuse to >> create a folder name starting with a dot, so you'll have to use the >> Windows Command Prompt. >> >> Then you can use connection URLs like "spice://kvmhost?tls-port=5901" >> and be assured you'll use only TLS connections to the spice display >> (checked using netstat on both Linux server and Windows client). > > Thanks for sharing this. > Another option is to use the command line option > --spice-ca-file=<ca-cert-pem-file> Yes, that's very nice when you work as a consultant and will connect to guests from different customers. Unfortunately the windows port won't accept --spice-ca-file. :-( Is there a similar option for virsh and/or virt-viewer? []s, Fernando Lozano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel