On Sun, Dec 13, 2015 at 9:34 PM, Tobias --- <[email protected]> wrote: > Hello! > > I'm trying to create a certificate that contains the necessary options to > let libvirtd service work to as intended with remote control over TLS. > > I have created my own CA using certtool and the problem that I'm having is > with the server certificate. > The template that I'm using when I create the CSR is as follows: > organization = "Local libvirtd" > unit = "libvirtd server" > cn = "oink" > country = "SE" > state = "Sweden" > expiration_days = 1095 > tls_www_server > signing_key > encryption_key > I've also tried to make certtool honour the extensions which it does to a > certain degree. The "encryption_key" is not honored even if I try to enforce > it using the "honour_crq_extensions" option as well as using the above > template when I sign the CSR with the CA. The resulting PEM-encoded > certificate generates the following error during startup of libvirtd:
Hi, Could you send the command set that reproduces that? Note however, that if you have access to the CA key you don't need to go through a CSR to generate a certificate. You can generate it directly from the template. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
