Why is the error "remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list)..." triggered when connecting to libvirtd remotely using TLS?
Issue
The following misleading error message is logged in /var/log/messages on the libvirtd server when a client tries to connect to the libvirtd server over a TLS connection:
error : remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option.
Environment
- Red Hat Enterprise Linux 5
- Communication between the libvirtd client and the libvirtd server is over a TLS connection.