for the setup of a new LXD server with TLS authentification I chose to add client certificates manually via lxc config trust add client.crt.
This requires that new users have to send me their (auto-generated) client certificate. The client certificate can be found in ~/snap/lxd/current/.config/lxc/client.crt. For apt installation I guess it can be found in ~/.config/lxc/client.crt.
However, I noticed that the output of lxc info shows another certificate that is different from client.crt. What is the use case of the certificate shown in lxc info?
thank you for explaining the difference between both certificates. I’ve used a LXD client for testing purposes also as a server. That might be the reason for the server certificate shown in lxc info.
Your clarification will help to formulate user instructions correctly.
My client has been installed with “apt” and there is no cert in “~/.config/lxc/client.crt”
How can I manually create a certificate and add it to lxc such as that it will find the certificate and that I can also add it to a remote?
[UPDATE]: As I browsed through github issues, I saw that by running:
lxc add remote
Will (re) create a client certificate in: $HOME/.config/lxc/client.crt
This is true for the “apt” installation of lxc.
Would it make sense to introduce perhaps a “lxc certificate” command? It makes little sense to me at lease to (re)create a client certificate/key only as part of a remote add.