Dear Daniel, I tried to pass the following parameter tls_no_verify_certificate = 1 on /etc/libvirt/libvirtd.conf but i still have the error below: *Migration failed due to an Error: Failed to connect to remote libvirt URI qemu+tls:/myhost/system: authentication failed: Failed to verify peer's certificate...*
I double checked my certificate cn and doesn't find the error. Do you know a way to deactivate the cn check the time I handle this certificate error. Kind regards, Julien Le jeu. 4 juil. 2024 à 14:18, Daniel P. Berrangé <berra...@redhat.com> a écrit : > On Thu, Jul 04, 2024 at 12:13:59PM -0000, jdeber...@gmail.com wrote: > > Hello Daniel, > > > > ty for your reply. > > > > based on your answer, I uncomment the following line > > "tls_no_verify_certificate = 1" in /etc/libvirt/libvirtd.conf > > and restart service libvirtd but I stil have the same issue. > > Do you have any suggestion to fix this issue ? > > That controls whether the server side libvirtd, requests a cert from the > incoming libvirtd. > > I believe your error message is about the client being unable to verify > the server. > > For the latter you need to append '?no_verify=1' to the URI you give > when initiating the migration > > The best thing though is to just fix your certificates, as by disabling > cert validation you no longer have any MITM protection, and TLS thus has > rather limited security value. > > With regards, > Daniel > -- > |: https://berrange.com -o- > https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- > https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- > https://www.instagram.com/dberrange :| > >
