tls.rst (f4c4357fbfca0fb14e477bf661ae7384b4b9b283) tls.rst (f029f9112257c9a0e669c2955e8ace21a96704c1)
1.. _network_005ftls:
2
3TLS setup for network services
4------------------------------
5
6Almost all network services in QEMU have the ability to use TLS for
7session data encryption, along with x509 certificates for simple client
8authentication. What follows is a description of how to generate

--- 50 unchanged lines hidden (view full) ---

59interactive prompts from certtool::
60
61 # cat > ca.info <<EOF
62 cn = Name of your organization
63 ca
64 cert_signing_key
65 EOF
66 # certtool --generate-self-signed \
1.. _network_005ftls:
2
3TLS setup for network services
4------------------------------
5
6Almost all network services in QEMU have the ability to use TLS for
7session data encryption, along with x509 certificates for simple client
8authentication. What follows is a description of how to generate

--- 50 unchanged lines hidden (view full) ---

59interactive prompts from certtool::
60
61 # cat > ca.info <<EOF
62 cn = Name of your organization
63 ca
64 cert_signing_key
65 EOF
66 # certtool --generate-self-signed \
67 --load-privkey ca-key.pem
67 --load-privkey ca-key.pem \
68 --template ca.info \
69 --outfile ca-cert.pem
70
71The ``ca`` keyword in the template sets the v3 basic constraints
72extension to indicate this certificate is for a CA, while
73``cert_signing_key`` sets the key usage extension to indicate this will
74be used for signing other keys. The generated ``ca-cert.pem`` file
75should be copied to all servers and clients wishing to utilize TLS

--- 253 unchanged lines hidden ---
68 --template ca.info \
69 --outfile ca-cert.pem
70
71The ``ca`` keyword in the template sets the v3 basic constraints
72extension to indicate this certificate is for a CA, while
73``cert_signing_key`` sets the key usage extension to indicate this will
74be used for signing other keys. The generated ``ca-cert.pem`` file
75should be copied to all servers and clients wishing to utilize TLS
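
Review bot: the continuation fix at line 67 covers only the CA certificate command, and the hunk does not show whether the other certtool examples further down tls.rst carry the same missing trailing backslash, so it is worth checking them in this same patch. In the old text the shell ends the command after ``--load-privkey ca-key.pem`` and then tries to run ``--template ca.info`` as a separate command, which means the template with ``ca`` and ``cert_signing_key`` is never applied and ``ca-cert.pem`` is not written through ``--outfile``. The new line 67 reads correctly as part of one four-line command.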

--- 253 unchanged lines hidden ---