Hello,
I am currently trying to install certificates for tls. By this time I have got some questions:
1) Is documentation in the web docs up-to-date regarding tls server, client, ca certificates? (actually I have some problems, but maybe this is due to smth has changed in certtools and was not updated in docs, perhaps some more fields are needed now).
2) there is a error in virt-pki-validate :
when determining whether host name matches CN name you assume, that CN is standing in the end. So I get an error:

The server certificate does not seem to match the host name
hostname: "barni"
Server certificate CN: "barni,O=libvirt.org"

CN field is standing at the beginning of line.

Seems that these are the appropriate lines in code:

258  S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
259  if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"