
I am thinking of using tls connection between my client and server instead of current ssh. I found https://libvirt.org/kbase/tlscerts.html and I want to know if it is possible to customise some setting (e.g. use my own cert names, or locations) but I was not able to.

Moreover https://github.com/libvirt/libvirt/blob/44520f6e01580d6bada88b47e5b77e6bee02... suggests that these values are hardcoded.

So my questions are:
is it possible to customise these values?
If so, how?
How can I configure virt-manager with two connections, each with different CA?

KJ

--
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html

On Wed, May 03, 2023 at 17:38:16 +0200, Kamil Jońca wrote:
> I am thinking of using tls connection between my client and server instead of current ssh. I found https://libvirt.org/kbase/tlscerts.html and I want to know if it is possible to customise some setting (e.g. use my own cert names, or locations) but I was not able to.

Server-side location of the certificates can be configured in the appropriate config file based on how your host is configured (/etc/libvirt/virtproxyd.conf, /etc/libvirt/libvirtd.conf; you also need to enable virtproxyd's TLS socket). In the config file you have the following config options: key_file, cert_file, ca_file, crl_file

> Moreover https://github.com/libvirt/libvirt/blob/44520f6e01580d6bada88b47e5b77e6bee02... suggests that these values are hardcoded.

The client file names need to conform to the expected values.

> So my questions are: is it possible to customise these values? If so, how? How can I configure virt-manager with two connections, each with different CA?

The path to the directory containing the certificates can be changed per connection using the 'pkipath' URI argument. See: https://libvirt.org/uri.html#tls-transport
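
Added example, not part of either message or of libvirt's code: a shell helper that checks a per-connection PKI directory before building the 'pkipath' URI for it, so each virt-manager connection can point at its own CA. The function names are hypothetical, the file names (cacert.pem, clientcert.pem, clientkey.pem) are the client names given in libvirt's TLS documentation, and requiring an absolute path is this example's own choice.

```shell
#!/bin/sh
# Added example (not libvirt code): validate a client PKI directory and
# print the matching libvirt TLS URI. Function names are hypothetical.

# check_pkipath DIR: return 0 if DIR holds the client files libvirt expects.
check_pkipath() {
    dir=$1
    rc=0
    for f in cacert.pem clientcert.pem clientkey.pem; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            rc=1
        fi
    done
    # The private key must not be readable by group or others.
    if [ -f "$dir/clientkey.pem" ] &&
       [ -n "$(find "$dir/clientkey.pem" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "key readable by group/others: $dir/clientkey.pem" >&2
        rc=1
    fi
    return $rc
}

# tls_uri HOST DIR: print a qemu+tls URI carrying pkipath, only if DIR validates.
tls_uri() {
    host=$1
    dir=$2
    case $dir in
        /*) ;;  # absolute path: the URI does not depend on the working directory
        *) echo "pkipath must be absolute: $dir" >&2; return 1 ;;
    esac
    check_pkipath "$dir" || return 1
    printf 'qemu+tls://%s/system?pkipath=%s\n' "$host" "$dir"
}

# Usage with constructed host names and placeholder directories, one per CA:
#   virt-manager -c "$(tls_uri host-a.example /path/to/pki/ca-a)"
#   virt-manager -c "$(tls_uri host-b.example /path/to/pki/ca-b)"
```
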

Participants (2): Kamil Jońca, Peter Krempa