Re: [libvirt-users] Using certtool to generate certificates for ESXi

Hi Daniel, thanks for the reply - The procedure I use is the same as I use for XenServer, and the certificate exchange works just fine. The only thing I'm a bit unclear on, is the location of the CA cert, which in the case of XenServer, I simply put it in /etc/pki/CA. And when I start the libvirtd daemon, it successfully picks it up. If I put the Server key and cert in /etc/vmware/ssl for ESXi, is there a location where I put the CA cert (cacert.pem)? Also, following are the log errors that I see - 2013-10-30T18:32:25.405Z [FFE81B90 error 'Default'] SSLStreamImpl::DoServerHandshake (ffd005d0) SSL_accept failed. Dumping SSL error queue: 2013-10-30T18:32:25.405Z [FFE81B90 error 'Default'] [0] error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 2013-10-30T18:32:25.405Z [FFE81B90 warning 'Default'] SSL Handshake failed for stream TCP(local=<ESXi>:443, peer=<client>:33776), error: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca) Doesn't this mean the CA cert wasn't found on the ESXi? Regards, Shiva On Wed, Oct 30, 2013 at 2:45 AM, Daniel P. Berrange <berrange(a)redhat.com&gt;wrote: