[libvirt-users] Set a domain name instead of an ip address into tls certificate

Daniel P. Berrange berrange at redhat.com
Mon Mar 3 09:47:33 UTC 2014


On Fri, Feb 28, 2014 at 07:48:35PM +0100, Pasquale Dir wrote:
> I tried to set cn=myMachine instead of cn=192.168.1.x
> and...everything freezes!
> virsh -c qemu://.../system
> 
> tries to connect forever.
> 
> You really need static ip addresses in the cn field??
> I think this is a HUGE bug: you are saying to me that each time I change
> network or ip (because, dear sirs, dhcp exists) I have to generate a whole
> new couple of certificates??
> I hope it is not the case....

Not sure why you're thinking libvirt only allows IP address - AFAIK
our docs don't say that, and indeed illustrate certificate setup using
hostnames. http://libvirt.org/remote.html#Remote_certificates

The only requirement is that whatever string is in the 'server name'
part of the URI, is also present in the certificate in either the
CommonName or subjectaltname fields. When creating the certificate
you're free to use IP addresses or dns names, or a mixture of both
with subjectaltname.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
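
The rule stated in the reply above, written out as a pre-flight check. This is an added example, not code from the original message or from libvirt; the certificate dictionaries, host names and addresses are constructed, and the comparison (exact and case-insensitive, no wildcard handling) is a simplifying assumption rather than libvirt's own matching logic.

```python
import ipaddress
from urllib.parse import urlsplit

def uri_server_name(uri):
    """Return the 'server name' part of a libvirt URI such as qemu://host/system."""
    host = urlsplit(uri).hostname  # lower-cased by urlsplit
    if not host:
        raise ValueError(f"no server name in URI: {uri!r}")
    return host

def _as_ip(value):
    """Parse value as an IP address, or return None if it is a name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def matching_field(uri, cert):
    """Return which certificate field carries the URI's server name, or None.

    cert is a constructed description: {"cn": str, "dns": [...], "ip": [...]}.
    Assumption: names compare exactly and case-insensitively, addresses are
    compared after normalisation, and wildcards are not handled.
    """
    host = uri_server_name(uri)
    host_ip = _as_ip(host)
    if host_ip is not None:
        if any(_as_ip(v) == host_ip for v in cert.get("ip", [])):
            return "subjectAltName"
        return "CommonName" if _as_ip(cert.get("cn", "")) == host_ip else None
    if any(host == n.lower() for n in cert.get("dns", [])):
        return "subjectAltName"
    return "CommonName" if host == cert.get("cn", "").lower() else None

# Constructed sample certificates (names and addresses are made up).
IP_ONLY = {"cn": "192.168.1.10", "dns": [], "ip": []}
NAME_ONLY = {"cn": "myMachine", "dns": [], "ip": []}
MIXED = {"cn": "myMachine",
         "dns": ["myMachine", "myMachine.example.com"],
         "ip": ["192.168.1.10"]}

if __name__ == "__main__":
    for cert_name, cert in [("IP_ONLY", IP_ONLY), ("NAME_ONLY", NAME_ONLY), ("MIXED", MIXED)]:
        for uri in ("qemu://myMachine/system", "qemu://192.168.1.10/system"):
            print(cert_name, uri, "->", matching_field(uri, cert))
```

A certificate carrying both DNS names and addresses in subjectAltName matches either form of the URI, so connecting by DNS name keeps working when the address changes.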



