Hi Piotr,
In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc. - Rohit <https://cloudstack.apache.org> ________________________________ From: Piotr Pisz <pp...@pulab.pl> Sent: Tuesday, July 17, 2018 4:11:48 PM To: users@cloudstack.apache.org Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1 Hi Steve, Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)? Regards, Piotr rohit.ya...@shapeblue.comĀ www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -----Original Message----- From: Steve Roles <steve.ro...@shapeblue.com> Sent: Monday, July 16, 2018 4:38 PM To: 'dev' <d...@cloudstack.apache.org>; users@cloudstack.apache.org Subject: Secure Live KVM VM Migration with CloudStack 4.11.1 Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/ Best regards, steve.ro...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
