apt-get install gnutls-bin
mkdir CA && cd CA
certtool --generate-privkey > cakey.pem
mcedit ca.info
certtool --generate-self-signed --load-privkey cakey.pem --template ca.info --outfile cacert.pem
ls
cd ..
mkdir server && cd server
certtool --generate-privkey > serverkey.pem
mcedit server.info
certtool --generate-certificate --load-privkey serverkey.pem --load-ca-certificate ../CA/cacert.pem --load-ca-privkey ../CA/cakey.pem --template server.info --outfile servercert.pem
ls
cd ..
mkdir client && cd client
certtool --generate-privkey > clientkey.pem
mcedit client.info
certtool --generate-certificate --load-privkey clientkey.pem --load-ca-certificate ../CA/cacert.pem --load-ca-privkey ../CA/cakey.pem --template client.info --outfile clientcert.pem
ls
cd ..
#spice:
mkdir -p /etc/pki/CA
cp CA/cacert.pem /etc/pki/CA/
mkdir -p /etc/pki/libvirt/private
cp server/serverkey.pem /etc/pki/libvirt/private/
cp server/servercert.pem /etc/pki/libvirt/
cp client/clientkey.pem /etc/pki/libvirt/private/
...