Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds handling for Pre-signed TLS Certs, signed outside framework #169

Closed
wants to merge 2 commits into from
Closed

Adds handling for Pre-signed TLS Certs, signed outside framework #169

wants to merge 2 commits into from

Conversation

clevesque
Copy link
Contributor

Allows for scenario where user is supplying their own CA Signed x509 certs and priv keys and we are not generating those in the framework. Expecting that each host has a directory, defined in variable "tls_presigned_certs": e.g. /etc/pki/certs, which contains: PEM format x509 signed cert, named .pem RSA style private key that is encrypted, named .key Passphrase for key is supplied by variable "tls_key_password" The Public CA certs of Issuer, root (and any intermediates) are expected to be on the controller host, defined by variable "tls_ca_certs" which has a list of CA certs. example:
tls_ca_certs:

  • alias: <alias name, like: root-ca>
    path: /root_ca.pem
  • alias: <alias name, like: inter-ca>
    path: /intermediate_ca.pem

@clevesque
Adds handling for Pre-signed TLS Certs, signed outside framework
6158918 
Allows for scenario where user is supplying their own CA Signed x509 certs and priv keys and we are not generating those in the framework.
Expecting that each host has a directory, defined in variable "tls_presigned_certs": e.g. /etc/pki/certs, which contains:
PEM format x509 signed cert, named <host-fqdn>.pem
RSA style private key that is encrypted, named <host-fqdn>.key
Passphrase for key is supplied by variable "tls_key_password"
The Public CA certs of Issuer, root (and any intermediates) are expected to be on the controller host, defined by variable "tls_ca_certs" which has a list of CA certs.
example:
tls_ca_certs:
  - alias: <alias name, like: root-ca>
     path: <absolute-path>/root_ca.pem
  - alias: <alias name, like: inter-ca>
     path: <absolute-path>/intermediate_ca.pem

Signed-off-by: Chuck Levesque <[email protected]>
@clevesque clevesque mentioned this pull request Dec 4, 2023
Closed
@wmudge wmudge requested a review from a team December 18, 2023 15:28
@wmudge wmudge added this to the Release 4.3.0 milestone Dec 18, 2023
@wmudge wmudge added the enhancement New feature or request label Dec 18, 2023
@wmudge wmudge modified the milestones: Release 4.3.0, Release 4.4.0 Dec 20, 2023
@clevesque
Copy link
Contributor Author

More work needed........PR withdrawn

@clevesque clevesque closed this Jan 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request validated
Milestone
Release 4.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@clevesque @wmudge