Venafi / terraform-provider-venafi

HashiCorp Terraform provider that uses Venafi to streamline machine identity (certificate and key) acquisition.
https://www.terraform.io/docs/providers/venafi/
Mozilla Public License 2.0

Update requirement doco to include PBE algorithm requirements for TPP service generated CSRs #125

Closed brental closed 3 months ago

brental commented 5 months ago

BUSINESS PROBLEM

The Trust Protection Platform requirements do not mention PBE algorithm requirements for service generated CSRs. It is not currently made clear that the PBE algorithm should be configured for either "SHA1 3DES" or "SHA256 AES256" for service generated CSRs to work, and the error message returned when it is not set to those does not make it clear what the issue is.

PROPOSED SOLUTION

Update TPP requirements documentation to mention that for service generated CSRs to work the PBE algorithm should be configured for either "SHA1 3DES" or "SHA256 AES256" as per https://github.com/Venafi/terraform-provider-venafi/issues/91#issuecomment-1109930265

CURRENT ALTERNATIVES

Upgrading PBE algorithm to be configured for either "SHA1 3DES" or "SHA256 AES256". However, need the doco updated so people know they should do this.

VENAFI EXPERIENCE

6 months experience using TPP and the terraform provider.

luispresuelVenafi commented 4 months ago

Not sure if this should be placed here, since this is not an actual Terraform issue but rather missing documentation within TLSPDC (f.k.a. TPP).

luispresuelVenafi commented 4 months ago

Hi @brental,

If there's a specific page in the TPP docs which you believe should have this info, could you look for the link below and click it?

image

It will autogenerate an email with pre-populated data in order for you to let us know which page you would like to have the improvement for, and will populate much other information for you.

If you don't have a specific page suggestion, it's OK; sending that pre-populated email with the information you expect will help the TPP docs team to enable that information.

Since this is not an issue for this Open Source tool, I'll be closing this ticket.

brental commented 4 months ago

Hey @luispresuelVenafi, I do think this is an issue in the documentation for this terraform provider. In the README for this repo under Venafi Trust Protection Platform it has the following:

image

The highlighted section lists policies that should be applied to folders in order for this provider to work. The provider requires a PBE algorithm of either "SHA1 3DES" or "SHA256 AES256" to work when using service generated CSRs, but that requirement is not included in the highlighted list. So, I think this issue should be re-opened as it does relate to the documentation for this terraform provider.

brental commented 4 months ago

@luispresuelVenafi ^^^

luispresuelVenafi commented 3 months ago

Hi @brental,

Sorry for the delay in response.

That requirements section was initially mostly set to help the user to set a quick start. Service generated was not considered a regular type of mode to be used, hence what I mentioned above. After another look with my team, we decided to also include what you mentioned above.

luispresuelVenafi commented 3 months ago

Hi @brental,

We just attended to this issue with your requested doc update; I'll be closing it accordingly :smile: