Dear Daniel,
I tried to pass the following parameter tls_no_verify_certificate = 1 on /etc/libvirt/libvirtd.conf but i still have the error below:
Migration failed due to an Error: Failed to connect to remote libvirt URI qemu+tls:/myhost/system: authentication failed: Failed to verify peer's certificate...
I double checked my certificate cn and doesn't find the error. Do you know a way to deactivate the cn check the time I handle this certificate error.
Kind regards,
Julien
Le jeu. 4 juil. 2024 à 14:18, Daniel P. Berrangé <berrange@xxxxxxxxxx> a écrit :
On Thu, Jul 04, 2024 at 12:13:59PM -0000, jdeberles@xxxxxxxxx wrote:
> Hello Daniel,
>
> ty for your reply.
>
> based on your answer, I uncomment the following line
> "tls_no_verify_certificate = 1" in /etc/libvirt/libvirtd.conf
> and restart service libvirtd but I stil have the same issue.
> Do you have any suggestion to fix this issue ?
That controls whether the server side libvirtd, requests a cert from the
incoming libvirtd.
I believe your error message is about the client being unable to verify
the server.
For the latter you need to append '?no_verify=1' to the URI you give
when initiating the migration
The best thing though is to just fix your certificates, as by disabling
cert validation you no longer have any MITM protection, and TLS thus has
rather limited security value.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
