When I set the CN in
client.info,
server.info as hostname(FDQN), the tls check will fail with ip; and vice versa, when set CN as ip address, the tls check will fail with hostname. Only use what we set in can succeed. If this is expected? or I there was some issue in my env. or setup steps?
1. set tls env with hostname, then it will fail to check with ip
2017-12-06 13:24:52.346+0000: 3954: warning : virNetTLSContextCheckCertificate:1125 : Certificate check failed Certificate [session] owner does not match the hostname 192.168.122.4
error: failed to connect to the hypervisor
error: authentication failed: Failed to verify peer's certificate
2. use the hostname as what we set can succeed.
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
64 bytes from
test.englab.cn (192.168.122.4): icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from
test.englab.cn (192.168.122.4): icmp_seq=2 ttl=64 time=0.204 ms
...
-------
Best Regards,
Yalan Zhang