search for: remote_tls_server_certificates

Displaying 7 results from an estimated 7 matches for "remote_tls_server_certificates".

2019 Sep 04
3
Certificate checking on TLS migrations to an IP address
Hi, I'm trying to add TLS migrations to oVirt, but I've hit a problem with certificate checking. oVirt uses the destination host IP address, rather than the host name, in the migration URI passed to virDomainMigrateToURI3. One reason for doing that is that a separate migration network may be used for migrations, while the host name resolves to the management network interface. But it
2019 Sep 18
2
Re: Certificate checking on TLS migrations to an IP address
...it doesn't solve the problem with tracking IP address changes and updating the corresponding certificates whenever a change occurs. > If you look at our docs, we updated them to illustrate how to > issue certs containing hostnames + IP addresses: > > https://libvirt.org/remote.html#Remote_TLS_server_certificates > >> >> Is there any way to make TLS migrations working under these >> circumstances? For instance, SPICE remote-viewer allows the client to >> specify the certificate subject to expect on the host when connecting to >> it using an IP address. Can (or could) libv...
2019 Sep 19
2
Re: Certificate checking on TLS migrations to an IP address
...ess changes and updating the corresponding certificates whenever a >> change occurs. >> >> > If you look at our docs, we updated them to illustrate how to >> > issue certs containing hostnames + IP addresses: >> > >> > https://libvirt.org/remote.html#Remote_TLS_server_certificates >> > >> >> >> >> Is there any way to make TLS migrations working under these >> >> circumstances? For instance, SPICE remote-viewer allows the client to >> >> specify the certificate subject to expect on the host when connecting to >>...
2019 Sep 04
0
Re: Certificate checking on TLS migrations to an IP address
...eld should be completely ignored by compliant TLS clients, so you are free to put whatever you want in the common name - hostname or IP address or blah... If you look at our docs, we updated them to illustrate how to issue certs containing hostnames + IP addresses: https://libvirt.org/remote.html#Remote_TLS_server_certificates > > Is there any way to make TLS migrations working under these > circumstances? For instance, SPICE remote-viewer allows the client to > specify the certificate subject to expect on the host when connecting to > it using an IP address. Can (or could) libvirt do something similar...
2019 Sep 19
0
Re: Certificate checking on TLS migrations to an IP address
...th tracking IP > address changes and updating the corresponding certificates whenever a > change occurs. > > > If you look at our docs, we updated them to illustrate how to > > issue certs containing hostnames + IP addresses: > > > > https://libvirt.org/remote.html#Remote_TLS_server_certificates > > > >> > >> Is there any way to make TLS migrations working under these > >> circumstances? For instance, SPICE remote-viewer allows the client to > >> specify the certificate subject to expect on the host when connecting to > >> it using an IP...
2017 Dec 06
1
problem when use tls to connect libvirt
Hi guys, I met a problem when I use tls to connect libvirt. When I set the CN in client.info, server.info as hostname(FDQN), the tls check will fail with ip; and vice versa, when set CN as ip address, the tls check will fail with hostname. Only use what we set in can succeed. If this is expected? or I there was some issue in my env. or setup steps? 1. set tls env with hostname, then it will
2019 Sep 23
0
Re: Certificate checking on TLS migrations to an IP address
...the corresponding certificates whenever a >>> change occurs. >>> >>> > If you look at our docs, we updated them to illustrate how to >>> > issue certs containing hostnames + IP addresses: >>> > >>> > https://libvirt.org/remote.html#Remote_TLS_server_certificates >>> > >>> >> >>> >> Is there any way to make TLS migrations working under these >>> >> circumstances? For instance, SPICE remote-viewer allows the client to >>> >> specify the certificate subject to expect on the host when co...