RHEL 6 Virtualization - 19.2. Remote management over TLS and SSL

Red Hat Enterprise Linux 9 Essentials Book now available.

Purchase a copy of Red Hat Enterprise Linux 9 (RHEL 9) Essentials

Red Hat Enterprise Linux 9 Essentials Print and eBook (PDF) editions contain 34 chapters and 298 pages

19.2. Remote management over TLS and SSL

You can manage virtual machines using TLS and SSL. TLS and SSL provides greater scalability but is more complicated than ssh (refer to Section 19.1, “Remote management with SSH”). TLS and SSL is the same technology used by web browsers for secure connections. The libvirt management connection opens a TCP port for incoming connections, which is securely encrypted and authenticated based on x509 certificates.

TLS/SSL access for virt-manager

The libvirt Wiki contains complete details on how to configure TLS/SSL access: https://wiki.libvirt.org/page/TLSSetup

To enable SSL and TLS for VNC, refer to the libvirt Wiki: https://wiki.libvirt.org/page/VNCTLSSetup. It is necessary to place the Certificate Authority Certificate, Client Certificate, and Client Certificate Private Key, in the following locations:

The Certificate Authority Certificate should be placed in /etc/pki/CA/cacert.pem.
The Client Certificate, signed by the CA, should be placed in either of:
- /etc/pki/libvirt-vnc/clientcert.pem for system wide use, or
- $HOME/.pki/libvirt-vnc/clientcert.pem for an individual user.
The Private Key for the Client Certificate should be placed in either of:
- /etc/pki/libvirt-vnc/private/clientkey.pem for system wide use, or
- $HOME/.pki/libvirt-vnc/private/clientkey.pem for an individual user.