Skip to content

horizon: Correct SAN in SSL certs (SOC-10584)#2428

Open
skazi0 wants to merge 1 commit intocrowbar:masterfrom
skazi0:ssl-san
Open

horizon: Correct SAN in SSL certs (SOC-10584)#2428
skazi0 wants to merge 1 commit intocrowbar:masterfrom
skazi0:ssl-san

Conversation

@skazi0
Copy link
Member

@skazi0 skazi0 commented Sep 4, 2020
edited
Loading

The gensslcert script from apache-utils didn't support setting SAN values.
This resulted in useless certificate which had SAN set to
email:webmaster@... or (in new version) FQDN of the node where horizon
was deployed. After adding new option to gensslcert, crowbar can set SAN
to proper values which is especially important in HA deployments.

NOTE This needs the changes to apache packages merged first!

@skazi0
horizon: Correct SAN in SSL certs (SOC-10584)
101e095 
The gensslcert script from apache-utils didn't support setting SAN values.
This resulted in useless certificate which had SAN set to
email:webmaster@... or (in new version) FQDN of the node where horizon
was deployed. After adding new option to gensslcert, crowbar can set SAN
to proper values which is especially important in HA deployments.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do not merge yet needs backport to SOC8 wip

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skazi0

Comments