Re: [libvirt-users] TLS and intermediate CA

2014-04-22 Thread Nathaniel Cook
OK, so I figured out my own problem. Basically, I needed to add the CA chain to each of the cert files. The cacert.pem file had the entire chain, but since the clientcert.pem and the servercert.pem files only had a single cert, during the handshake the chains were not presented and so verification fai

Re: [libvirt-users] TLS and intermediate CA

2014-04-22 Thread Daniel P. Berrange
On Tue, Apr 22, 2014 at 08:24:43AM -0600, Nathaniel Cook wrote:
> Thanks for the response.
>
> My current chain is as follows:
>
> caroot -> child-ca1 -> server cert
>
> My cacert.pem file has both the caroot and the child-ca1 certs. I have
> recompiled libvirt on my machine with some extra debu

Re: [libvirt-users] TLS and intermediate CA

2014-04-22 Thread Nathaniel Cook
Thanks for the response.

My current chain is as follows:

caroot -> child-ca1 -> server cert

My cacert.pem file has both the caroot and the child-ca1 certs. I have recompiled libvirt on my machine with some extra debug statements and verified that both the caroot cert and the child-ca1 certs are

Re: [libvirt-users] TLS and intermediate CA

2014-04-22 Thread Daniel P. Berrange
On Mon, Apr 21, 2014 at 04:51:00PM -0600, Nathaniel Cook wrote:
> I have been trying to get set of libvirtd system up and running. My PKI
> infrastructure involves a root CA and several intermediate CAs. I am trying
> to get the machines to trust each other across the different intermediate
> CAs.