scylladb / scylla-ansible-roles

Ansible roles for deploying and managing Scylla, Scylla-Manager and Scylla-Monitoring

generate proper hostname for a self-signed SSL certificate #151

Open tarzanek opened 2 years ago

tarzanek commented 2 years ago

If you don't use a proper hostname, then only this cqlshrc will work: https://github.com/scylladb/scylla-ansible-roles/blob/master/ansible-scylla-node/templates/cqlshrc.j2#L11

However, validate=true won't work until self-signed certificates are properly generated. Currently it is disabled and we explicitly pass on a map of hostnames to certs, but this can likely be improved. Let's investigate if this is possible, ev. improve this state.

vladzcloudius commented 2 years ago

@tarzanek It's not clear what's the context of this issue:

tarzanek commented 2 years ago

The goal is to be able, from the role, to use certificates with validate=true even without the [certfiles] section, exactly as in https://docs.scylladb.com/stable/operating-scylla/security/gen-cqlsh-file.html

This can be achieved by generating self-signed certs in a better way, with the needed metadata of node hostnames and IPs.
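An added example, not part of the issue thread or the project's roles: one way to generate a self-signed certificate that carries the node's hostname and IP as subjectAltName entries, and to check that both identities match it. The hostnames, IP address and function names are constructed for illustration, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: hostnames, IPs and function names are constructed sample values.

# gen_node_cert DIR HOSTNAME IP
# Writes DIR/HOSTNAME.key and DIR/HOSTNAME.crt: a self-signed certificate whose
# subjectAltName lists both the node's DNS name and its IP address, so a client
# that validates the peer identity can match either one.
gen_node_cert() {
    dir=$1; host=$2; ip=$3
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" 2>/dev/null
    # The private key must not be world-readable.
    chmod 600 "$dir/$host.key"
}

# cert_matches CRT host|ip NAME
# Returns 0 only if OpenSSL's own identity check accepts NAME for this cert.
# openssl prints "does match" or "does NOT match", so grep for the exact phrase.
cert_matches() {
    openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q 'does match certificate'
}

# Demo with constructed values (node1.example.internal, 192.0.2.10).
demo_dir=$(mktemp -d)
gen_node_cert "$demo_dir" node1.example.internal 192.0.2.10
crt="$demo_dir/node1.example.internal.crt"
cert_matches "$crt" host node1.example.internal && echo "hostname matches"
cert_matches "$crt" ip 192.0.2.10 && echo "IP matches"
cert_matches "$crt" host node2.example.internal || echo "other host rejected"
rm -rf "$demo_dir"
```

In a role, the hostname and IP would come from each node's inventory facts rather than literals.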