On Tue, Apr 22, 2014 at 08:24:43AM -0600, Nathaniel Cook wrote:
Thanks for the response.
My current chain is as follows:
caroot -> child-ca1 -> server cert
My cacert.pem file has both the caroot and the child-ca1 certs. I have recompiled libvirt on my machine with some extra debug statements and verified that both the caroot cert and the child-ca1 certs are being loaded. But when I try to connect the caroot and child-ca1 certs only appear under the "Acceptable client certificate CA names" not the certificate chain. The error I get on the client when connecting is that the server identity could not be verified since the server isn't presenting the entire CA chain just its own cert.
Are you willing / able to share the output of certtool -i --infile <filename>.pem for the cacert.pem and servercert.pem on the server, and the likewise for the cacert.pem and clientcert.pem (if used) on the client the fails to connect? Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|