Hi Piotr,
In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc. - Rohit <https://cloudstack.apache.org> ________________________________ From: Piotr Pisz <[email protected]> Sent: Tuesday, July 17, 2018 4:11:48 PM To: [email protected] Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1 Hi Steve, Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)? Regards, Piotr [email protected] www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -----Original Message----- From: Steve Roles <[email protected]> Sent: Monday, July 16, 2018 4:38 PM To: 'dev' <[email protected]>; [email protected] Subject: Secure Live KVM VM Migration with CloudStack 4.11.1 Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/ Best regards, [email protected] www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
