Hey,
Just one note - dovecot is an example of a server which creates a
self-signed server cert in the %post scriptlet of its package.
It at least allows people to run the server without doing anything.
Anyone who wants a CA signed server cert can install one later.
Cheers,
Mark.
Richard W.M. Jones wrote:
Daniel P. Berrange wrote:
At the corporate end I'd expect them to have formal CA & certificate issuing
procedures. Most community folks will likely end up just creating a private
self-signed CA cert - if we document it, it's a fairly trivial command or
two to run usin
Daniel P. Berrange wrote:
At the corporate end I'd expect them to have formal CA & certificate issuing
procedures. Most community folks will likely end up just creating a private
self-signed CA cert - if we document it, it's a fairly trivial command or
two to run using openssl, or certtool.
Open
On Mon, Jan 15, 2007 at 06:23:35PM +, Richard W.M. Jones wrote:
> [Apologies also that this is not threaded with the original post]
>
> > $HOME/.libvirt/tls/
> > |
> > +- ca
> > | |
> > | +- cert.pem
> > | +- ca-crl.pem
>
> Note that there are standard locations fo
On Mon, Jan 15, 2007 at 08:44:22PM +, Mark McLoughlin wrote:
> Hi Dan,
>
> On Wed, 2007-01-10 at 23:59 +, Daniel P. Berrange wrote:
> > I now have the QEMU backend working with full wire encryption using the
> > TLS protocol, and so ready to start thinking about various authentication
> >
Hi Dan,
On Wed, 2007-01-10 at 23:59 +, Daniel P. Berrange wrote:
> I now have the QEMU backend working with full wire encryption using the
> TLS protocol, and so ready to start thinking about various authentication
> related issues.
If only we had decent SSH infrastructure. I'd love
[Apologies also that this is not threaded with the original post]
> $HOME/.libvirt/tls/
> |
> +- ca
> | |
> | +- cert.pem
> | +- ca-crl.pem
Note that there are standard locations for CA certs. On my Debian box
the standard locations appear to be /etc/ca-certificates
I now have the QEMU backend working with full wire encryption using the
TLS protocol, and so ready to start thinking about various authentication
related issues.
- The client needs to have the certificate of the CA in order to
validate the signature on the remote server's certificate
(aka,