Why is the error "remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list)..." triggered when connecting to libvirtd remotely using TLS?
Issue
The following misleading error message is logged in /var/log/messages on the libvirtd server when a client tries to connect to the libvirtd server over a TLS connection:
error : remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option.
Environment
- Red Hat Enterprise Linux 5
- Communication between libvirtd client and libvirtd server is over a TLS connection.
