Open devtdeng opened 6 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/158023184
The labels on this github issue will be updated when the story is started.
Hi @tylerschultz @devtdeng I wanted to circle around about this enhancement. If you could please provide additional information (is this an issue with customers, etc), it would help us prioritise against the other GitHub issues we have. Thanks!
Hi @abbyachau, I don't recall what I was doing in support of which issue, so customer evidence is not something I can help with anymore. I do recall investigating some sort of issue with the gorouter when mTLS was enabled, and came to the realization I was no longer able to use the CLI to communicate with cloud controller. There are many ways one might configure their load balancer and gorouter, and perhaps the situation I encountered is contrived. If you've not heard other complaints since this issue was logged then perhaps few, if any, users are bothered by this circumstance.
I have similar feature requests for scenarios that are not using mTLS and are instead using self-signed certificates. It would be nice to be able to supply the CA certificate to validate the CLI's connection to the gorouter. This would mean CLI users would not need to skip SSL validation. The bosh CLI provides this functionality, FWIW.
I'm happy to discuss any or all of this stuff more. LMK if you're interested.
Hey @tylerschultz many thanks for the response, sorry about the delay in response. Thanks for the explanation. We'll leave this open to see if it garners further conversation. Thanks again.
Command
cf ALL_COMMANDS when mutual TLS is enabled on cloud foundry side, and client certificate is a MUST.
What occurred
TLS handshake fails because cf cli can't provide client certificate.
What you expected to occur
Provide an option to support TLS client certificate.
CLI Version
All
CC API Endpoint Version
All
CF Trace
None