Hello. I have a question about libvirt remote access. I read carefully how
to set up TLS authorization guide and I have done all the steps. Everything
works, but for my virtualization infrastructure I need more flexibility.
How can I configure a single host to trust more than one certificate
authority. Lets say, for example, that I have 10 virtualization hosts and
each of them has certificates signed by the same CA (lets say CA1) and they
trust each other. But I have a client which does not have a client
certificate signed by CA1, but has a certificate signed by CA2. I do not
want my virtualization hosts to trust the CA2 except for just one of them.
I want to provide this client with authorized access to one of my hosts. So
this specific host must trust CA1 and CA2 as well, but in the
'/etc/libvirt/libvirtd.conf' file I can point the certificate of only one
CA. How can I set up such a configuration ? The same question is valid for
the client. How can I configure a client to trust CA1 and CA2 ?
Show replies by thread