search for: certtool

Displaying 18 results from an estimated 18 matches for "certtool".

2013 Oct 30
2
Using certtool to generate certificates for ESXi
Hello, I'm using certtool to generate the server certificates for ESXi - http://libvirt.org/remote.html#Remote_TLS_CA. I just copy the server certificate and key as /etc/vmware/ssl/rui.crt and /etc/vmware/ssl/rui.key. And then use virsh to connect from a CentOS 6.4 VM running on it - "virsh -c esx://<esx IP>....
2013 Oct 30
0
Re: Using certtool to generate certificates for ESXi
On Tue, Oct 29, 2013 at 06:48:46PM -0700, Shiva Bhanujan wrote: > Hello, > > I'm using certtool to generate the server certificates for ESXi - > http://libvirt.org/remote.html#Remote_TLS_CA. I just copy the server > certificate and key as /etc/vmware/ssl/rui.crt and /etc/vmware/ssl/rui.key. > And then use virsh to connect from a CentOS 6.4 VM running on it - "virsh > -c esx...
2013 Oct 31
0
Re: Using certtool to generate certificates for ESXi
...on the ESXi? > > Regards, > Shiva > > > > On Wed, Oct 30, 2013 at 2:45 AM, Daniel P. Berrange <berrange@redhat.com> > wrote: >> >> On Tue, Oct 29, 2013 at 06:48:46PM -0700, Shiva Bhanujan wrote: >> > Hello, >> > >> > I'm using certtool to generate the server certificates for ESXi - >> > http://libvirt.org/remote.html#Remote_TLS_CA. I just copy the server >> > certificate and key as /etc/vmware/ssl/rui.crt and >> > /etc/vmware/ssl/rui.key. >> > And then use virsh to connect from a CentOS 6.4 V...
2013 Oct 30
2
Re: Using certtool to generate certificates for ESXi
...own ca) Doesn't this mean the CA cert wasn't found on the ESXi? Regards, Shiva On Wed, Oct 30, 2013 at 2:45 AM, Daniel P. Berrange <berrange@redhat.com>wrote: > On Tue, Oct 29, 2013 at 06:48:46PM -0700, Shiva Bhanujan wrote: > > Hello, > > > > I'm using certtool to generate the server certificates for ESXi - > > http://libvirt.org/remote.html#Remote_TLS_CA. I just copy the server > > certificate and key as /etc/vmware/ssl/rui.crt and > /etc/vmware/ssl/rui.key. > > And then use virsh to connect from a CentOS 6.4 VM running on it - &gt...
2013 Aug 16
0
RHEV hosts
...ot; key_file="/etc/pki/vdsm/keys/vdsmkey.pem" ## end of configuration section by vdsm-4.10.2 # ls bkp-2013-08-16_110734_cacert.pem cacert.pem vdsmcert.pem bkp-2013-08-16_110734_vdsmcert.pem engine_web_ca.pem [root@ovpxen certs]# pwd /etc/pki/vdsm/certs [root@ovpxen certs]# certtool -i --infile engine_web_ca.pem | head X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Issuer: C=US,O=HP,CN=CA-IWFVM00772.hpswlabs.adapps.hp.com.64431 Validity: Not Before: Wed Jan 23 13:24:14 UTC 2013 Not After: Sun J...
2015 Jun 14
4
Testin new installation
The public cert part is good, but the private one begins with "Begin private key", not "RSA key." On Sun, 14 Jun 2015 15:54:23 +0200, you wrote: >Am 13.06.2015 um 22:11 schrieb Steve Matzura: >> On Sat, 13 Jun 2015 21:57:06 +0200, you wrote: >> >>> On Sat, Jun 13, 2015 at 03:41:26PM -0400, Steve Matzura wrote: >>>>>>>> Trying
2017 Dec 10
1
libvirt authentication
Hello, I am currently trying to install certificates for tls. By this time I have got some questions: 1) Is documentation in the web docs up-to-date regarding tls server, client, ca certificates? (actually I have some problems, but maybe this is due to smth has changed in certtools and was not updated in docs, perhaps some more fields are needed now). 2) there is a error in virt-pki-validate : when determining whether host name matches CN name you assume, that CN is standing in the end. So I get an error: The server certificate does not seem to match the host name hostname:...
2014 Apr 22
2
Re: TLS and intermediate CA
Thanks for the response. My current chain is as follows: caroot -> child-ca1 -> server cert My cacert.pem file has both the caroot and the child-ca1 certs. I have recompiled libvirt on my machine with some extra debug statements and verified that both the caroot cert and the child-ca1 certs are being loaded. But when I try to connect the caroot and child-ca1 certs only appear under the
2018 Jan 27
3
[PATCH nbdkit] tests: Remove QEMU_IO / HAVE_QEMU_IO.
Currently we test for qemu-img, socat, ss, certtool, etc at run time, but we test for qemu-io at compile time (in ./configure). This commit removes this inconsistency. I would consider the opposite patch (which makes qemu-img etc tested at configure time). The main advantage of testing for these binaries at run time is that tests are not "si...
2009 Apr 22
0
Trusted certificate for Encrypted VNC + Vencrypt
I was wondering if anyone has managed to get a trusted certificate to work with Xen's Encrypted VNC and Vencrypt? I can generate my own cert with Certtool and this works but as expected I get warnings from Vencrypt: "Certificate Issuer Unknown" "Certificate Not Trusted" "Hostname Mismatch" After some time working with my Cert provider I have a CA signed cert that works but still gives the exact same warnings. I restarte...
2014 Apr 22
0
Re: TLS and intermediate CA
...e client certificate CA names" not the > certificate chain. The error I get on the client when connecting is that > the server identity could not be verified since the server isn't presenting > the entire CA chain just its own cert. Are you willing / able to share the output of certtool -i --infile <filename>.pem for the cacert.pem and servercert.pem on the server, and the likewise for the cacert.pem and clientcert.pem (if used) on the client the fails to connect? Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://li...
2019 Sep 18
1
Re: [PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
On 9/17/19 5:35 PM, Richard W.M. Jones wrote: > This neutral refactoring adds -DTLS_MODE. We can in future change the > requested TLS mode, but not in this commit. > > It also checks that nbd_get_tls_negotiated returns true after > connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE. > --- > interop/Makefile.am | 4 ++++ > interop/interop.c | 26
2015 May 27
1
FREAK/Logjam, and SSL protocols to use
Quoting Gedalya <gedalya at gedalya.net>: > On 05/27/2015 09:55 AM, Rick Romero wrote: >> Quoting Gedalya <gedalya at gedalya.net>: >> >>> On 05/26/2015 10:37 AM, Ron Leach wrote: >>>> https://weakdh.org/sysadmin.html >>>> >>>> includes altering DH parameters length to 2048, and re-specifying the >>>> allowable
2020 Aug 08
1
Re: [nbdkit PATCH 3/3] tlsdummy: New filter
...+set -e +set -x + +requires nbdsh -c 'exit (not h.supports_tls ())' + +# Does the nbdkit binary support TLS? +if ! nbdkit --dump-config | grep -sq tls=yes; then + echo "$0: nbdkit built without TLS support" + exit 77 +fi + +# Did we create the PSK keys file? +# Probably 'certtool' is missing. +if [ ! -s keys.psk ]; then + echo "$0: PSK keys file was not created by the test harness" + exit 77 +fi + +export sock=`mktemp -u` +pid="tlsdummy.pid" + +files="$sock $pid" +rm -f $files +cleanup_fn rm -f $files + +# Run dual-mode server +start_...
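Review bot: the `mktemp -u` call that sets `sock` only prints an unused name and creates nothing, so another local process can claim that path before the server binds its socket there; creating a private directory with `mktemp -d` and placing the socket inside it closes that window. In the same part of the script, `$files` is expanded unquoted in both `rm -f $files` calls, which misbehaves if the temporary directory path contains whitespace.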
2018 Jun 25
1
[PATCH v2 nbdkit] tls: Implement Pre-Shared Keys (PSK)
v2: * Improved documentation. * Added a test (interop with qemu client).
2011 Apr 04
0
Release of libvirt-0.9.0
...matting functions to xenxs (Markus Groß) - Moved SEXPR parsing functions to xenxs (Markus Groß) - Moved some SEXPR functions from xen-unified (Markus Groß) - Moved SEXPR unit to utils (Markus Groß) - virt-*-validate.in: quote all variable references (Dan Kenigsberg) - virt-pki-validate: behave when CERTTOOL is missing (Dan Kenigsberg) - autobuild.sh: use VPATH build (Eric Blake) - maint: fix 'make dist' in VPATH build (Eric Blake) - build: don't require pod2man for tarball builds (Eric Blake) - hash: make virHashFree more free-like (Eric Blake) - build: Fix API docs generation in VPATH bui...
2020 Aug 07
7
[nbdkit PATCH 0/3] Content differentiation during --tls=on
Patch 3 still needs tests added, but it is at least working from my simple command line tests. Eric Blake (3): server: Implement nbdkit_is_tls for use during .open server: Expose final thread_model to filter's .get_ready tlsdummy: New filter docs/nbdkit-filter.pod | 21 +- docs/nbdkit-plugin.pod | 34 ++- docs/nbdkit-tls.pod
2019 Jun 12
8
[nbdkit PATCH v3 0/5] Play with libnbd for nbdkit-nbd
libnbd-0.1.4-1 is now available in Fedora 29/30 updates testing. Diffs since v2 - rebase to master, bump from libnbd 0.1.2 to 0.1.3+, add tests to TLS usage which flushed out the need to turn relative pathnames into absolute, doc tweaks Now that the testsuite covers TLS and libnbd has been fixed to provide the things I found lacking when developing v2, I'm leaning towards pushing this on