Can self-signed certificate support ipsan?

cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes

https://cert-manager.io

Apache License 2.0

12.11k stars 2.09k forks source link

Can self-signed certificate support ipsan? #865

Closed tweakmy closed 5 years ago

tweakmy commented 6 years ago

Is there envisioned for ipsan for self-signed certficate?

munnerz commented 6 years ago

Yes, we would like to expand the number of options available on the Certificate resource.

Could you share some examples of how you'd like to see this represented on the Certificate resource?

Also, are you able to work on this feature yourself if we can agree on a design? No problem if not 😀

/kind feature

On Thu, 30 Aug 2018 at 14:32, tweakmy notifications@github.com wrote:

Is there envisioned for ipsan for self-signed certficate?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jetstack/cert-manager/issues/865, or mute the thread https://github.com/notifications/unsubscribe-auth/AAMbP8mUBMcQMXG2AuV0RHlXTC8Fk5uMks5uV-lrgaJpZM4WTe5e .

tweakmy commented 6 years ago

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: example-com
  namespace: default
spec:
  secretName: example-com-tls
  issuerRef:
    name: ca-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
  commonName: example.com
  dnsNames:
  - example.com
  - www.example.com
 ipNames:
 - 192.168.1.1
 - 10.0.0.1

I am trying to achieve something like this on the top. Yes, I can help myself if anyone could give some pointer of which .go file I should be looking at first

enenum commented 5 years ago

I need this too.

enenum commented 5 years ago

I would be willing to work on it

munnerz commented 5 years ago

This is now supported 😄

cooervo commented 7 months ago

This is now supported 😄

hi @munnerz do you know if apart from ipAddresses we need to add more changes into our cert-manager config? I'm currently getting error:

Reason:        Failed to create Order: 400 urn:ietf:params:acme:error:unsupportedIdentifier: NewOrder 
request included invalid non-DNS type identifier: type "ip", value "10.2.0.46"                                                   │
State:         errored

When trying to use spec.ipAddresses in the certificate, created a ticket here.