updated spice doc

1ecaf484 · Florent Gluck · 89136484 · 1ecaf484
Commit 1ecaf484 authored 1 year ago by Florent Gluck
--- a/docs/README_spice_encryption.md
+++ b/docs/README_spice_encryption.md
@@ -65,9 +65,9 @@ hostname --fqdn

 Using both template files, `gen-cert.sh` creates in the specified directory:

- CA public key: `ca-cert.pem`
- Server private key: `server-key.pem` (root-only access)
- Server public key: `server-cert.pem`
+- The CA master certificate: `ca-cert.pem`
+- The server certificate signed with ca-cert.pem: `server-cert.pem`
+- The server private key: `server-key.pem` (root-only access)

 This directory must be passed in argument to QEMU in order to use SPICE with TLS.
 The `ca-key.pem` key is sensitive and required to generate other certificates. Ideally, it whould be stored offline.
@@ -104,11 +104,7 @@ More information on how to do it here: `https://ubuntu.com/server/docs/security-
 ## Server side certificate usage

 On the server side, SPICE can be configured to either use a password or not when establishing the connection.
-In both cases, a directory containing the following files must be specified to QEMU:
-
- Server private key: `server-key.pem`
- Server public key: `server-cert.pem`
- CA public key: `ca-cert.pem`
+In both cases, a directory containing these 3 files, `ca-cert.pem, server-cert.pem, server-key.pem`, must be specified to QEMU.

 ### SPICE without password