[libvirt-users] certificate pinning
Daniel P. Berrangé
berrange at redhat.com
Mon Dec 10 10:25:23 UTC 2018
On Mon, Dec 10, 2018 at 01:22:32PM +0300, Anastasiya Ruzhanskaya wrote:
> And how libvirt checks that it trusts the CA? Just simply inspects the
> cacert.pem file? Or it has some information inside about by which CA were
> signed client and server certificates and then compares against stored
> values? I mean can I just concatenate after signing or I need to combine
> two CAs before generating libvirt's client and server certificates?
Libvirt will check that the server's certificate is signed by any one of
the CAs listed.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvirt-users
mailing list