
Secure connection with ESX server using libvirt virsh


Configure local certificate authority (CA) to establish secure connection with ESX server using libvirt virsh

Although it gives me great pleasure to write this blog and share this information, it was indeed painful to figure out how to set up a secure connection with ESX using libvirt.

The following information should help you if you are using an LDAP/Active Directory CA, or a CA that is not listed in your current certificate bundle on Linux.

If your Certificate Authority is not currently listed in the CA bundle, you will receive the following error while connecting to the ESX server using virsh (usually after the authentication information has been collected):

Error: internal error curl_easy_perform() returned an error: Peer certificate cannot be authenticated with CA certificates (60) : SSL verify that the CA cert is OK. Details:

Error:14090086:SSL routines:SSL3_SERVER_CERTIFICATE:certificate verify failed

Error: failed to connect to the hypervisor

Follow these easy steps and you will be done.

  1. Copy the certificate authority certificate or certificate chain into /usr/local/share/ca-certificates/<certificate name>.cer

  2. Rename the certificate to /<certificate name>.crt

  3. Run update-ca-certificates

That should be it!

Run the command virsh -c esx://cdssrv03.cadencedatasoft.com in your terminal, and that is it. Make sure you use your fully qualified server name.
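
The three steps above as one script, added here as an example and not part of the original post. It goes one step beyond the rename: update-ca-certificates only picks up PEM files ending in .crt, and a .cer exported from a Windows CA is often DER-encoded, so the script converts when needed and refuses files that are not CA certificates or have expired. The function names and the CA_DIR variable are assumptions, as are Debian/Ubuntu paths and the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Debian/Ubuntu paths
# and the openssl CLI; function names and CA_DIR are hypothetical.
CA_DIR=${CA_DIR:-/usr/local/share/ca-certificates}

# True if the file contains at least one PEM certificate block.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Destination path: same base name, forced to the .crt extension
# that update-ca-certificates requires.
dest_path() {
    base=$(basename "$1")
    printf '%s/%s.crt\n' "$CA_DIR" "${base%.*}"
}

# Validate, convert if needed, install, rebuild the bundle (needs root).
install_ca() {
    src=$1
    tmp=$(mktemp) || return 1
    if is_pem_cert "$src"; then
        cp "$src" "$tmp"
    else
        # Not PEM: treat it as DER, as exported by many Windows CA tools.
        openssl x509 -inform DER -in "$src" -out "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    # Only the first certificate of a chain file is inspected here.
    if ! openssl x509 -in "$tmp" -noout -text | grep -q 'CA:TRUE'; then
        echo "refusing: $src is not a CA certificate" >&2; rm -f "$tmp"; return 1
    fi
    if ! openssl x509 -in "$tmp" -noout -checkend 0 >/dev/null; then
        echo "refusing: $src has expired" >&2; rm -f "$tmp"; return 1
    fi
    # Print subject and fingerprint so they can be compared with the CA's own record.
    openssl x509 -in "$tmp" -noout -subject -fingerprint -sha256
    install -m 0644 "$tmp" "$(dest_path "$src")" && update-ca-certificates
    status=$?
    rm -f "$tmp"
    return $status
}

# Usage (as root): sh install-ca.sh <certificate file>
if [ "$#" -ge 1 ]; then
    install_ca "$1"
fi
```

Compare the printed SHA-256 fingerprint with the one published by your CA administrator before relying on the new trust anchor.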