microcks / microcks-ansible-operator

Kubernetes Operator for easy setup and management of Microcks installs
https://microcks.io
Apache License 2.0

Update self signed certs #29

Closed hguerrero closed 3 years ago

hguerrero commented 3 years ago

When using the latest version of the nginx ingress controller there is a warning about the configuration of the self-signed certs because of the use of CN.

lbroudoux commented 3 years ago

Thanks for the issue. Is there any recommendation coming out from Nginx on the correct way to do things?

Currently we are using the following OpenSSL command line to generate certs:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout microcks-ingress.key -out microcks-ingress.crt -subj "/CN={{microcks.url}}/O={{microcks.url}}"

Will have a look at what is possibly not correct or not safe with that command... but I am far from being a TLS expert 😆

hguerrero commented 3 years ago

I'll take a look again at the WARN and check if they documented a way to address it.

lbroudoux commented 3 years ago

I read that CNs are deprecated and that we should now use SAN only. Working on the GRPC installation stuff (microcks/microcks#424), I had to handle that, otherwise most GRPC clients are not correctly handling certificates using CN... I had to investigate SAN usage and I'll propagate this to the ingress certificates too.

lbroudoux commented 3 years ago

Now fixed.
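
The thread does not show the updated command. As an added example (not the operator's actual fix), here is the CN-only invocation quoted above beside a variant that adds a subjectAltName with `-addext` (OpenSSL 1.1.1 or later), plus a check that tells the two certificates apart. The hostname `microcks.example.test` and the function names are assumptions standing in for `{{microcks.url}}`.

```shell
#!/usr/bin/env bash
# Added example, not code from the microcks-ansible-operator repository.

# Original style from the thread: the host name is carried only in the subject CN.
gen_cn_only_cert() {  # $1 = host, $2 = output path prefix
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$2.key" -out "$2.crt" \
    -subj "/CN=$1/O=$1" 2>/dev/null
}

# SAN style: same subject, plus a subjectAltName DNS entry for the host.
# -addext requires OpenSSL 1.1.1 or later.
gen_san_cert() {  # $1 = host, $2 = output path prefix
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$2.key" -out "$2.crt" \
    -subj "/CN=$1/O=$1" \
    -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Returns 0 only if the certificate lists the host as a DNS SAN entry.
# The CN is deliberately ignored, which is how SAN-only clients behave.
cert_has_dns_san() {  # $1 = certificate file, $2 = host
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

demo() {
  host="microcks.example.test"   # constructed sample hostname
  tmp=$(mktemp -d)
  gen_cn_only_cert "$host" "$tmp/cn"
  gen_san_cert "$host" "$tmp/san"
  for c in cn san; do
    if cert_has_dns_san "$tmp/$c.crt" "$host"; then
      echo "$c.crt: DNS SAN present for $host"
    else
      echo "$c.crt: no DNS SAN for $host (CN only)"
    fi
  done
  rm -rf "$tmp"
}
demo
```

The same `cert_has_dns_san` check can be pointed at the certificate stored in an existing ingress TLS secret to find installs that still carry a CN-only certificate.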