Re: Set a domain name instead of an ip address into tls certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 28, 2014 at 07:48:35PM +0100, Pasquale Dir wrote:
> I tried to set cn=myMachine instead of cn=192.168.1.x
> and...everything frezees!
> virsh -c qemu://.../system
> 
> tries to connect forever.
> 
> You really need static ip addresses in the cn field??
> I think this is an HUGE bug: you are saying to me that each time I change
> network or ip (because, dear sirs, dhcp exists) I have to generate a whole
> new couple of certificates??
> I hope it is not the case....

Not sure why you're thinking libvirt only allows IP address - AFAIK
our docs don't say that, and indeed illustrate certifcate setup using
hostnames. http://libvirt.org/remote.html#Remote_certificates

The only requirement is that whatever string is in the 'server name'
part of the URI, is also present in the certificate in either the
CommonName or subjectaltname fields. When creating the certificate
you're free to use IP addresses or dns names, or a mixture of both
with subjectaltname

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users




[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux