Re: [libvirt-users] certificate pinning
On Mon, Dec 10, 2018 at 01:22:32PM +0300, Anastasiya Ruzhanskaya wrote:
And how libvirt checks that it trusts the CA? Just simply inspects
the
cacert.pem file? Or it has some information inside about by which CA were
signed client and server certificates and then compares against stored
values? I mean can I just concatenate after signing or I need to combine
two CAs before generating libvirt's client and server certificates?
Libvirt will check that the server's certificate is signed by any one of
the CAs listed.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|