[libvirt-users] TLS and intermediate CA
Daniel P. Berrange
berrange at redhat.com
Tue Apr 22 14:35:58 UTC 2014
On Tue, Apr 22, 2014 at 08:24:43AM -0600, Nathaniel Cook wrote:
> Thanks for the response.
>
> My current chain is as follows:
>
> caroot -> child-ca1 -> server cert
>
> My cacert.pem file has both the caroot and the child-ca1 certs. I have
> recompiled libvirt on my machine with some extra debug statements and
> verified that both the caroot cert and the child-ca1 certs are being
> loaded. But when I try to connect the caroot and child-ca1 certs only
> appear under the "Acceptable client certificate CA names" not the
> certificate chain. The error I get on the client when connecting is that
> the server identity could not be verified since the server isn't presenting
> the entire CA chain just its own cert.
Are you willing / able to share the output of
certtool -i --infile <filename>.pem
for the cacert.pem and servercert.pem on the server, and the likewise for
the cacert.pem and clientcert.pem (if used) on the client the fails to
connect?
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list