docs/tlscerts: document need for socket activation

Mention that the tls socket needs to be started and the libvirtd
or virtproxyd service might have to be started.

If this is not done the user might run into connection issues and
it seems this is not mentioned elsewhere in the docs.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Sebastian Mitterle <smitterl@redhat.com>

diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst
index 215d454998ddd4ea698237d696a69704414bacbe..9063e17fce464eebc7521cd6d8b9edefe02c3fb7 100644 (file)
--- a/docs/kbase/tlscerts.rst
+++ b/docs/kbase/tlscerts.rst
@@ -317,10 +317,32 @@ briefly cover the steps.
 Troubleshooting TLS certificate problems
 ----------------------------------------
 
-failed to verify client's certificate
-   On the server side, run the libvirtd server with the '--listen' and
-   '--verbose' options while the client is connecting. The verbose log messages
-   should tell you enough to diagnose the problem.
+* TLS socket
+
+  After setting up your sever certificates you'll have to start libvirt's
+  tls socket and restart the corresponding daemon if it was already running,
+  i.e.
+
+ * for modular daemon setup run
+
+   ::
+
+       systemctl start virtproxyd-tls.socket
+       systemctl try-start virtproxyd.service
+
+ * for monolithic daemon setup run
+
+   ::
+
+       systemctl start libvirtd-tls.socket
+       systemctl try-start libvirtd.service
+
+
+* failed to verify client's certificate
+
+  On the server side, run the libvirtd server with the '--listen' and
+  '--verbose' options while the client is connecting. The verbose log messages
+  should tell you enough to diagnose the problem.
 
 You can use the virt-pki-validate shell script to analyze the setup on the
 client or server machines, preferably as root. It will try to point out the