Re: Secure Live KVM VM Migration with CloudStack 4.11.1
In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc.
From: Piotr Pisz <ppisz@xxxxxxxx>
Sent: Tuesday, July 17, 2018 4:11:48 PM
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?
53 Chandos Place, Covent Garden, London WC2N 4HSUK
From: Steve Roles <steve.roles@xxxxxxxxxxxxx>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <dev@xxxxxxxxxxxxxxxxxxxxx>; users@xxxxxxxxxxxxxxxxxxxxx
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue