jseldess
commented
4 years ago Passing to @Amruta-Ranade and @thtruo for triage and prioritization.
Open sheaffej opened 4 years ago
jseldess
commented
4 years ago Passing to @Amruta-Ranade and @thtruo for triage and prioritization.
John Sheaffer (sheaffej) commented:
Some organizations use an intermediate certificate for signing server and client certs, where this intermediate certificate is signed by the root CA. In this case, the intermediate cert should be included in the node.crt, client.node.crt, and/or ui.crt. The root CA cert should be still contained in the ca.crt file.
Example: ca.crt: contains the root CA certificate node.crt: contains the server's "node" cert, and the intermediate signing certificate client.node.crt: contains the server's "client" cert, and the intermediate signing certificate ui.crt: contains the server's "ui" cert, and the intermediate signing certificate
Potential spot in the documentation to add this clarification is: https://www.cockroachlabs.com/docs/v20.1/create-security-certificates-custom-ca.html
Jira Issue: DOC-575