Re-adding the libvirt-users list - please don't take discussions off-list.

On Mon, Dec 10, 2018 at 01:10:18PM +0300, Anastasiya Ruzhanskaya wrote:
> I already found out how to set up all the certificates and tls works fine
> for me.
> What if I want to put a proxy between client and server in libvirt? It has
> its own CA, and this is only one more CA I would like libvirt to trust.
> Is it somehow achievable? I see that libvirt takes certificates only from
> predefined paths. It doesn't work for me if I just insert another CA
> certificate into the cacert.pem file. Do you know any approaches how it can
> be made in another way?

The cacert.pem file can contain multiple certificates, just concatenate
all the CA pem files.

> 
> On Mon, 10 Dec 2018 at 12:38, Daniel P. Berrangé <berra...@redhat.com> wrote:
> 
> > On Sat, Dec 08, 2018 at 11:19:40AM +0300, Anastasiya Ruzhanskaya wrote:
> > > Hello!
> > > Does libvirt use certificate pinning in tls? I want to set up a
> > > transparent proxy (mitmproxy) and can't do this even after I added
> > > mitmproxy ca certificate to the trusted certificates in ubuntu.
> >
> > Libvirt doesn't ever use the global certificates stores, because public
> > CAs are not relevant to libvirt deployments - indeed trusting the global
> > cert store in the OS would lower security by opening it up to arbitrary
> > CAs. See this doc for where libvirt finds CA certs
> >
> > https://libvirt.org/remote.html#Remote_certificates
> >
> >
> > Regards,
> > Daniel
> > --
> > |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> > |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> > |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
> >

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
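
The concatenation described in the reply above, as an added example that is not part of the original thread and is not libvirt code: it merges several CA PEM files into one cacert.pem-style bundle, tolerating an input that lacks a trailing newline (where plain concatenation fuses the END and BEGIN lines) and dropping duplicate CAs. The function names are hypothetical and the certificate bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import ssl

# Matches one PEM certificate block even when the previous block's END line
# is fused to this BEGIN line (the input file had no trailing newline).
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def merge_ca_bundles(pem_texts):
    """Return one PEM bundle holding every distinct certificate in pem_texts.

    Hypothetical helper (not a libvirt API). Each certificate is re-encoded so
    the output has one block per certificate, each ending in a newline.
    """
    seen = set()
    blocks = []
    for text in pem_texts:
        matches = CERT_RE.findall(text)
        if not matches:
            raise ValueError("input contains no PEM certificate block")
        for body in matches:
            # validate=True rejects stray characters inside the base64 body.
            der = base64.b64decode("".join(body.split()), validate=True)
            if not der.startswith(b"\x30"):  # X.509 is an ASN.1 SEQUENCE
                raise ValueError("block does not look like a DER certificate")
            digest = hashlib.sha256(der).hexdigest()
            if digest in seen:
                continue  # same CA listed twice, keep one copy
            seen.add(digest)
            blocks.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(blocks)


def constructed_pem(label, trailing_newline=True):
    # Constructed placeholder bytes, not a real certificate.
    pem = ssl.DER_cert_to_PEM_cert(b"\x30\x82" + label.encode() * 8)
    return pem if trailing_newline else pem.rstrip("\n")


if __name__ == "__main__":
    site_ca = constructed_pem("site-ca", trailing_newline=False)
    proxy_ca = constructed_pem("proxy-ca")
    bundle = merge_ca_bundles([site_ca, proxy_ca, proxy_ca])
    print(bundle.count("-----BEGIN CERTIFICATE-----"), "certificates in bundle")
```
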
