Why is the error "remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list)..." triggered when connecting to libvirtd remotely using TLS?

Solution Verified - Updated -

Issue

The following misleading error message is logged in /var/log/messages on the libvirtd server when a client tries to connect to it over a TLS connection:

error : remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list).  Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option.

Environment

  • Red Hat Enterprise Linux 5
  • Communication between libvirtd client and libvirtd server is over a TLS connection.
