Mention that the tls socket needs to be started and the libvirtd or virtproxyd service might have to be started. If this is not done the user might run into connection issues and it seems this is not mentioned elsewhere in the docs. Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Sebastian Mitterle <smitterl@redhat.com> --- docs/kbase/tlscerts.rst | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst index 215d454998..5a1cb4be0d 100644 --- a/docs/kbase/tlscerts.rst +++ b/docs/kbase/tlscerts.rst @@ -317,10 +317,32 @@ briefly cover the steps. Troubleshooting TLS certificate problems ---------------------------------------- -failed to verify client's certificate - On the server side, run the libvirtd server with the '--listen' and - '--verbose' options while the client is connecting. The verbose log messages - should tell you enough to diagnose the problem. +* TLS socket + + After setting up your sever certificates you'll have to start libvirt's + tls socket and restart the corresponding daemon if it was already running, + i.e. + + * for modular daemon setup run + + :: + + systemctl start virtproxyd-tls.socket + systemctl try-start virtproxyd.service + + * for monolithic daemon setup run + + :: + + systemctl start libvirtd-tls.socket + systemctl try-start libvirtd.service + + +* failed to verify client's certificate + + On the server side, run the libvirtd server with the '--listen' and + '--verbose' options while the client is connecting. The verbose log messages + should tell you enough to diagnose the problem. You can use the virt-pki-validate shell script to analyze the setup on the client or server machines, preferably as root. It will try to point out the -- 2.50.1