Lines Matching full:for

3 TLS setup for network services
6 Almost all network services in QEMU have the ability to use TLS for
7 session data encryption, along with x509 certificates for simple client
9 certificates suitable for usage with QEMU, and applies to the VNC
24 certificates to each server. If using x509 certificates for
33 for impersonating your services. The only likely exception where a
39 The recommendation is for the server to keep its certificates in either
40 ``/etc/pki/qemu`` or for unprivileged users in ``$HOME/.pki/qemu``.
72 extension to indicate this certificate is for a CA, while
74 be used for signing other keys. The generated ``ca-cert.pem`` file
77 disclosed/copied anywhere except the host responsible for issuing
87 against the CA certificate. The core pieces of information for a server
100 for validation is now deprecated. Instead modern TLS clients will
101 validate against the Subject Alt Name extension data, which allows for
107 information for each server, and use it to issue server certificates.
134 the key purpose extension to indicate this certificate is intended for
136 HTTP servers (except for VNC websockets), setting this key purpose is
138 the key usage extension to indicate this certificate is intended for
142 should now be securely copied to the server for which they were
158 authority. The client certificate would typically include fields for
162 the information for each client, and use it to issue client
185 The subject alt name extension data is not required for clients, so
188 certificate is intended for usage in a web client. Although QEMU network
191 key usage extension to indicate this certificate is intended for usage
195 should now be securely copied to the client for which they were
203 This would be quite common for the migration and NBD services, where a
245 QEMU has a standard mechanism for loading x509 credentials that will be
246 used for network services and clients. It requires specifying the
248 for the system emulators. Each set of credentials loaded should be given
250 credentials can be used for multiple network backends, so VNC,
252 Note, however, that credentials for use in a client endpoint must be
266 used for a network client or server, and determines which PEM files are
274 should never be turned off for client endpoints, however, it may be
275 turned off for server endpoints if an alternative mechanism is used to
276 authenticate clients. For example, the VNC server can use SASL to
292 parameter which expects the ID of the TLS credentials object. For