hi all
on client side , (cacert.pem,clientcert.pem,clientkey.pem) certificate are in position.
spicec can connect server(kvm host) successfully.
'virsh -c qemu+tcp ' can work well.
but virsh command line error when launch virsh -c qemu+tls..............
[root@ovirtdev libvirt]# virsh -d 0 -c qemu+tls://192.168.5.113/system hostname
commands: "hostname"
2013-03-06 07:05:22.716+0000: 22245: info : libvirt version: 0.9.10, package: 21.el6_3.8
(CentOS BuildSystem <
http://bugs.centos.org>, 2013-01-28-19:24:16,
c6b10.bsys.dev.centos.org)
2013-03-06 07:05:22.716+0000: 22245: warning : virNetTLSContextCheckCertificate:1093 :
Certificate check failed Certificate failed validation: The certificate hasn't got a
known issuer.
error: authentication failed: Failed to verify peer's certificate
error: failed to connect to the hypervisor
[root@ovirtdev libvirt]#
This means that the certificate did not validate against the CA
certificate. ie the server's cert was not signed by the CA cert
that the client has
Daniel
--
|: