External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-06 09:55:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: kbase/tlscerts: Fix links

Browse Source 
Most of the links were broken by moving the article into kbase, but in
this case we need to also fix the anchor names.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2022-05-31 15:45:38 +02:00
parent ce2426baff
commit 5aa78876e0
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/kbase/tlscerts.rst
View File

@ -84,12 +84,12 @@ clients. There are two distinct checks involved:
- The client should know that it is connecting to the right server. Checking
done by client by matching the certificate that the server sends to the
server's hostname. May be disabled by adding ``?no_verify=1`` to the `remote
URI <uri.html#Remote_URI_parameters>`__.
URI <../uri.html#tls-transport>`__.
- The server should know that only permitted clients are connecting. This can
be done based on client's IP address, or on client's IP address and client's
certificate. Checking done by the server. May be enabled and disabled in the
`libvirtd.conf file <remote.html#libvirtd-configuration-file>`__.
`libvirtd.conf file <../remote.html#libvirtd-configuration-file>`__.
For full certificate checking you will need to have certificates issued by a
recognised `Certificate Authority
@ -99,7 +99,7 @@ CA, you can set up your own CA and tell your server(s) and clients to trust
certificates issues by your own CA. Follow the instructions in the next section.
Be aware that the `default configuration for
libvirtd <remote.html#libvirtd-configuration-file>`__ allows any client to
libvirtd <../remote.html#libvirtd-configuration-file>`__ allows any client to
connect provided they have a valid certificate issued by the CA for their own IP
address. You may want to change this to make it less (or more) permissive,
depending on your needs.
@ -180,7 +180,7 @@ for validation may be discontinued entirely, so it is strongly recommended to
include the SAN fields.
In the example below, clients will be connecting to the server using a
`URI <uri.html#URI_remote>`__ of ``qemu://compute1.libvirt.org/system``, so the
`URI <../uri.html#remote-uris>`__ of ``qemu://compute1.libvirt.org/system``, so the
CN must be "``compute1.libvirt.org``".
Make a private key for the server: