openSUSE Leap Documentation › Virtualization Guide › Appendix
ContentsContents
Virtualization Guide
  1. About This Manual
  2. I Introduction
    1. 1 Virtualization Technology
    2. 2 Introduction to Xen Virtualization
    3. 3 Introduction to KVM Virtualization
    4. 4 Introduction to Linux Containers
    5. 5 Virtualization Tools
    6. 6 Installation of Virtualization Components
    7. 7 Supported Guests, Hosts and Features
  3. II Managing Virtual Machines with libvirt
    1. 8 Starting and Stopping libvirtd
    2. 9 Guest Installation
    3. 10 Basic VM Guest Management
    4. 11 Connecting and Authorizing
    5. 12 Managing Storage
    6. 13 Managing Networks
    7. 14 Configuring Virtual Machines
  4. III Hypervisor-Independent Features
    1. 15 Disk Cache Modes
    2. 16 VM Guest Clock Settings
    3. 17 libguestfs
  5. IV Managing Virtual Machines with Xen
    1. 18 Setting Up a Virtual Machine Host
    2. 19 Virtual Networking
    3. 20 Managing a Virtualization Environment
    4. 21 Block Devices in Xen
    5. 22 Virtualization: Configuration Options and Settings
    6. 23 Administrative Tasks
    7. 24 XenStore: Configuration Database Shared between Domains
    8. 25 Xen as a High-Availability Virtualization Host
  6. V Managing Virtual Machines with QEMU
    1. 26 QEMU Overview
    2. 27 Setting Up a KVM VM Host Server
    3. 28 Guest Installation
    4. 29 Running Virtual Machines with qemu-system-ARCH
    5. 30 Virtual Machine Administration Using QEMU Monitor
  7. VI Managing Virtual Machines with LXC
    1. 31 Linux Containers
    2. 32 Migration from LXC to libvirt-lxc
  8. Glossary
  9. A Virtual Machine Drivers
  10. B Appendix
  11. C XM, XL Toolstacks and Libvirt framework
  12. D GNU Licenses
Navigation
openSUSE Leap Documentation › Virtualization Guide › Appendix
Top
Applies to openSUSE Leap 42.1

B Appendix

B.1 Generating x509 Client/Server Certificates

B.1 Generating x509 Client/Server Certificates

To be able to create x509 client and server certificates you need to issue them by a Certificate Authority (CA). It is recommended to set up an independent CA that only issues certificates for libvirt.

  1. Set up a CA as described in Book “Security Guide”, Chapter 17 “Managing X.509 Certification”, Section 17.2.1 “Creating a Root CA”.

  2. Create a server and a client certificate as described in Book “Security Guide”, Chapter 17 “Managing X.509 Certification”, Section 17.2.4 “Creating or Revoking User Certificates”. The Common Name (CN) for the server certificate must be the fully qualified host name, while the Common Name for the client certificate can be freely chosen. For all other fields stick with the defaults suggested by YaST.

    Export the client and server certificates to a temporary location (for example, /tmp/x509/) by performing the following steps:

    1. Select the certificate on the certificates tab.

    2. Choose Export › Export to File › Certificate and the Key Unencrypted in PEM Format, provide the Certificate Password and the full path and the file name under File Name, for example, /tmp/x509/server.pem or /tmp/x509/client.pem.

    3. Open a terminal and change to the directory where you have saved the certificate and issue the following commands to split it into certificate and key (this example splits the server key): 

      csplit -z -f s_ server.pem '/-----BEGIN/' '{1}'
       mv s_00 servercert.pem
       mv s_01 serverkey.pem

    4. Repeat the procedure for each client and server certificate you would like to export.

  3. Finally export the CA certificate by performing the following steps:

    1. Switch to the Description tab.

    2. Choose Advanced › Export to File › Only the Certificate in PEM Format and enter the full path and the file name under File Name, for example, /tmp/x509/cacert.pem.

Appendix C XM, XL Toolstacks and Libvirt frameworkAppendix A Virtual Machine Drivers
Print this page

© 2018 SUSE