concourse / concourse-bosh-deployment

A toolchain for deploying Concourse with BOSH.
Apache License 2.0

Get rid of common_name from tls-vars #106

Closed joshzarrabi closed 5 years ago

joshzarrabi commented 6 years ago

It is outdated and is not as flexible. SAN should be enough.

joshzarrabi commented 6 years ago

~@zmb3 Is there a reason to keep common names?~ This RFC says they are deprecated. https://tools.ietf.org/html/rfc6125.html#appendix-B.2. Also, it is causing problems for deploying Concourse with bbl on AWS, as the load balancer address that AWS gives you is longer than 64 characters, which is too long for a common name but works for a SAN.

zmb3 commented 6 years ago

No, not at all! I meant to +1 this (whoops!)

I wasn't aware of the 64 character limit, just thought we were eliminating some redundancy here. I've never thought to put the long AWS name in the cert (typically create a CNAME record), but that's even more reason to do this.

vito commented 5 years ago

thanks!
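
Added example, not part of the thread or of the project's code: a pre-flight check that sorts deployment addresses into SAN entries and flags the ones a common name field could not have held because of the 64 character limit discussed above. The function names and the sample hostnames are assumptions constructed for illustration.

```python
import ipaddress
import string

UB_COMMON_NAME = 64  # RFC 5280 upper bound on the commonName attribute
MAX_DNS_NAME = 253   # longest DNS name in dotted text form
MAX_DNS_LABEL = 63   # longest single DNS label
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

# Constructed sample shaped like an AWS load balancer address (not a real host).
SAMPLE_LB_HOST = "bbl-env-example-concourse-lb-0123456789abcdef.elb.us-west-2.amazonaws.com"


def classify_name(name):
    """Return ("ip", value) or ("dns", value); raise ValueError if unusable."""
    try:
        return "ip", str(ipaddress.ip_address(name))
    except ValueError:
        pass
    host = name.rstrip(".").lower()
    if not host or len(host) > MAX_DNS_NAME:
        raise ValueError(f"bad DNS name length: {name!r}")
    for index, label in enumerate(host.split(".")):
        if label == "*" and index == 0:
            continue  # a wildcard is only accepted as the left-most label
        if not 1 <= len(label) <= MAX_DNS_LABEL:
            raise ValueError(f"bad label length in {name!r}")
        if set(label) - LABEL_CHARS or label[0] == "-" or label[-1] == "-":
            raise ValueError(f"bad label characters in {name!r}")
    return "dns", host


def plan_names(names):
    """Build a SAN-only name plan and list entries a CN field could not hold."""
    plan = {"dns_sans": [], "ip_sans": [], "too_long_for_cn": []}
    for name in names:
        kind, value = classify_name(name)
        plan["dns_sans" if kind == "dns" else "ip_sans"].append(value)
        if len(value) > UB_COMMON_NAME:
            plan["too_long_for_cn"].append(value)
    return plan


if __name__ == "__main__":
    print(plan_names([SAMPLE_LB_HOST, "ci.example.com", "10.0.0.6"]))
```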