Securing libvirt: difference between revisions
Thomas (Talk | contribs) |
| Zeile 26: | Zeile 26: | ||
cert_file = "/etc/pki/libvirt/spock.xinux.lan.crt" | cert_file = "/etc/pki/libvirt/spock.xinux.lan.crt" | ||
ca_file = "/etc/pki/CA/cacert.pem" | ca_file = "/etc/pki/CA/cacert.pem" | ||
| + | ==Services restarten== | ||
| + | *systemctl restart libvirt-bin | ||
| + | *systemctl restart libvirtd | ||
=Client= | =Client= | ||
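Review bot: the two lines added under ==Services restarten== (systemctl restart libvirt-bin and systemctl restart libvirtd) do not say whether both have to be run or whether they are alternatives for hosts where the unit carries one name or the other; state which applies. Since the restart is what activates the cert_file and ca_file settings shown just above, the section should also end with a step that confirms the daemon came back up and accepts TLS connections.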
Revision as of 12:37, 10 October 2017
Generate keys
- xinuxpki cert spock.xinux.lan
or with openssl
Keys and certificates
Private key
spock.xinux.lan.key
Public key and certificate
spock.xinux.lan.crt
Public key and certificate of the CA
xin-ca.crt
Server
Create the directories and copy the files
- mkdir -p /etc/pki/libvirt/private
- mkdir -p /etc/pki/CA
- cp xin-ca.crt /etc/pki/CA/cacert.pem
- cp spock.xinux.lan.crt /etc/pki/libvirt
- cp spock.xinux.lan.key /etc/pki/libvirt/private
Configuration
- cat /etc/default/libvirt-bin
start_libvirtd="yes"
libvirtd_opts="-l"
- cat /etc/libvirt/libvirtd.conf
listen_tls = 1
tls_port = "16514"
key_file = "/etc/pki/libvirt/private/spock.xinux.lan.key"
cert_file = "/etc/pki/libvirt/spock.xinux.lan.crt"
ca_file = "/etc/pki/CA/cacert.pem"
Restart the services
- systemctl restart libvirt-bin
- systemctl restart libvirtd
Client
Create the directories and copy the files
- mkdir -p /etc/pki/libvirt/private
- mkdir -p /etc/pki/CA
- cp xin-ca.crt /etc/pki/CA/cacert.pem
- cp bajor.xinux.lan.crt /etc/pki/libvirt/clientcert.pem
- cp bajor.xinux.lan.key /etc/pki/libvirt/private/clientkey.pem
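A pre-flight check for the files copied in the server and client steps above, as an added example that is not part of the original wiki page: it verifies the CA chain, the key/certificate pairing, the host name in the certificate and the mode of the private key. The function names and the throwaway demo CA are assumptions made for this example; it relies on openssl and GNU stat.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight check of a libvirt TLS file set.

# check_tls_files CA CERT KEY HOST: print each failed check, return 0 only if all pass.
check_tls_files() {
    ca=$1; cert=$2; key=$3; host=$4; rc=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL unreadable: $f"; return 2; }
    done
    # 1. The certificate must chain to the CA that libvirt is told to trust (ca_file).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL chain: $cert is not signed by $ca"; rc=1; }
    # 2. The certificate must carry the public half of the private key (key_file).
    c=$(openssl x509 -in "$cert" -noout -pubkey | openssl dgst -sha256)
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
    [ "$c" = "$k" ] || { echo "FAIL pair: $key does not belong to $cert"; rc=1; }
    # 3. The certificate must name the host that peers connect to.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "FAIL name: $cert is not valid for $host"; rc=1; }
    # 4. The private key must be owner-only; the cp steps above do not tighten it.
    case $(stat -c %a "$key") in
        600|400) ;;
        *) echo "FAIL mode: $key is accessible beyond its owner"; rc=1 ;;
    esac
    return $rc
}

# make_demo_pki DIR HOST: constructed throwaway CA and certificate, valid one day,
# only there so the check can be tried without touching real key material.
make_demo_pki() {
    d=$1; h=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$h" \
        -keyout "$d/$h.key" -out "$d/$h.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$h.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/$h.crt" 2>/dev/null &&
    chmod 600 "$d/$h.key"
}

# Usage on the server from this page:
#   check_tls_files /etc/pki/CA/cacert.pem /etc/pki/libvirt/spock.xinux.lan.crt \
#       /etc/pki/libvirt/private/spock.xinux.lan.key spock.xinux.lan
```

On the client, pass clientcert.pem and clientkey.pem together with the client's own host name.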