Re: Using pki/ssl/tls connection.


 



On Wed, May 03, 2023 at 17:38:16 +0200, Kamil Jońca wrote:
> 
> I am thinking of using tls connection between my client and server
> instead of current ssh.
> I found
> https://libvirt.org/kbase/tlscerts.html and I want to know if it is
> possible to customise some setting (e.g. use my own cert names, or
> locations)
> but I was not able to.

Server-side location of the certificates can be configured in the
appropriate config file based on how your host is configured
(/etc/libvirt/virtproxyd.conf, /etc/libvirt/libvirtd.conf, you also need
to enable virtproxyd's TLS socket).

In the config file you have the following config options:

key_file, cert_file, ca_file, crl_file

> Moreover
> https://github.com/libvirt/libvirt/blob/44520f6e01580d6bada88b47e5b77e6bee023ac6/src/rpc/virnettlscontext.c
> suggests that these values are hardcoded.

The client file names need to conform to the expected values.

> So my questions are: is it possible to customise these values? If so,
> how? How can I configure virt-manager with two connections, each with
> different CA?

The path to the directory containing the certificates can be changed per
connection using the 'pkipath' URI argument. See:

  https://libvirt.org/uri.html#tls-transport
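
A preflight check for the per-connection 'pkipath' setup described above, added here as an example that is not part of the original message or of libvirt's own code. It assumes the fixed client file names given in libvirt's documentation (cacert.pem, clientcert.pem, clientkey.pem); the function names and the key-permission check are illustrative additions, not something libvirt enforces.

```shell
#!/bin/sh
# Added example: validate a directory before using it as 'pkipath' in a
# libvirt TLS URI. Assumption: the client looks for these fixed file names
# inside the directory, so each CA/identity pair needs its own directory.

# check_pkipath DIR -> returns 0 if DIR is usable, 1 otherwise (reasons on stderr)
check_pkipath() {
    dir=$1
    rc=0
    for f in cacert.pem clientcert.pem clientkey.pem; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            rc=1
        fi
    done
    # Hardening check (not a libvirt requirement): the private key should
    # not be readable or writable by group or others.
    key=$dir/clientkey.pem
    if [ -f "$key" ]; then
        loose=$(find "$key" \( -perm -040 -o -perm -020 \
                               -o -perm -004 -o -perm -002 \) -print)
        if [ -n "$loose" ]; then
            echo "private key is group/world accessible: $key" >&2
            rc=1
        fi
    fi
    return $rc
}

# tls_uri HOST DIR -> prints a qemu+tls URI that uses DIR as pkipath,
# but only when DIR passes check_pkipath.
tls_uri() {
    check_pkipath "$2" || return 1
    printf 'qemu+tls://%s/system?pkipath=%s\n' "$1" "$2"
}

# Usage with two connections and two different CAs (constructed names):
#   virsh -c "$(tls_uri hostA.example /home/user/pki/siteA)" list
#   virsh -c "$(tls_uri hostB.example /home/user/pki/siteB)" list
```

The printed URI can also be pasted into virt-manager as a custom connection URI, one per CA directory.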



