Secure connection with ESX server using libvirt virsh
Configure local certificate authority (CA) to establish secure connection with ESX server using libvirt virsh
Although it gives me great pleasure to write this blog and share this information, it was indeed painful to figure out how to set up a secure connection with ESX using libvirt.
The following information should help you if you are using an LDAP/Active Directory CA or a CA that is not listed in your current certificate bundle on Linux.
If your certificate authority is not currently listed in the CA bundle, you will receive the following error while connecting to the ESX server using virsh (usually after collecting authentication information):
Error: internal error curl_easy_perform() returned an error: Peer certificate cannot be authenticated with CA certificates (60) : SSL verify that the CA cert is OK. Details:
Error:14090086:SSL routines:SSL3_SERVER_CERTIFICATE:certificate verify failed
Error: failed to connect to the hypervisor
Follow these easy steps and you will be done.
Copy the certificate authority certificate or certificate chain into /usr/local/share/ca-certificates/<certificate name>.cer
Rename the certificate to /<certificate name>.crt
Run update-ca-certificates
That should be it!
Run the following command in your terminal, making sure you are using your fully qualified server name:
virsh -c esx://cdssrv03.cadencedatasoft.com
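The steps above as a small script, added here as an example and not part of the original post: it stages the CA file under a .crt name (converting a binary DER export to PEM, since update-ca-certificates only reads PEM files ending in .crt), then checks the server's chain and hostname with openssl before you retry virsh. It assumes a Debian/Ubuntu system with openssl installed; the script name, the function names and the host in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Debian/Ubuntu layout assumed.
CA_DIR="${CA_DIR:-/usr/local/share/ca-certificates}"

# update-ca-certificates only reads files ending in .crt, so map any
# input name (corp-ca.cer, corp-ca.pem) to $CA_DIR/<name>.crt.
ca_dest_path() {
    base=$(basename "$1")
    printf '%s/%s.crt\n' "$CA_DIR" "${base%.*}"
}

# Returns 0 if the file is PEM text, 1 otherwise (e.g. a binary DER export).
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Copy the CA file into CA_DIR as .crt, converting DER to PEM if needed.
# Prints the destination path on success.
stage_ca() {
    dest=$(ca_dest_path "$1")
    if is_pem_cert "$1"; then
        cp "$1" "$dest" || return 1
    else
        openssl x509 -inform DER -in "$1" -out "$dest" || return 1
    fi
    printf '%s\n' "$dest"
}

# Returns 0 only if the host's chain verifies against the system trust
# store and the certificate matches the name given (use the FQDN).
verify_host() {
    openssl s_client -connect "$1:443" -servername "$1" \
        -verify_hostname "$1" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Usage: sudo sh esx-ca.sh install corp-ca.cer
#        sh esx-ca.sh verify esx01.example.internal   (hypothetical host)
case "${1:-}" in
    install) stage_ca "$2" && update-ca-certificates ;;
    verify)  verify_host "$2" && echo "chain verifies" \
                 || echo "verification FAILED" ;;
esac
```

Run the verify step with the same fully qualified name you pass to virsh; if it fails after the install step, the CA file that was staged is not the one that issued the ESX server's certificate.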