From 68e0e4abc147902a4869a34fd76b924c2831a56a Mon Sep 17 00:00:00 2001 From: Anthony Romano Date: Fri, 2 Jun 2017 11:24:54 -0700 Subject: [PATCH] op-guide: document CN certs in security.md --- Documentation/op-guide/security.md | 3 ++- Documentation/v2/security.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Documentation/op-guide/security.md b/Documentation/op-guide/security.md index 755ccee14b6..60da143ba9b 100644 --- a/Documentation/op-guide/security.md +++ b/Documentation/op-guide/security.md @@ -16,7 +16,7 @@ etcd takes several certificate related configuration options, either through com `--key-file=`: Key for the certificate. Must be unencrypted. -`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. +`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. If [authentication][auth] is enabled, the certificate provides credentials for the user name given by the Common Name field. `--trusted-ca-file=`: Trusted certificate authority. @@ -222,3 +222,4 @@ The certificate needs to be signed for the member's FQDN in its Subject Name, us [tls-setup]: ../../hack/tls-setup [tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md [alt-name]: http://wiki.cacert.org/FAQ/subjectAltName +[auth]: authentication.md diff --git a/Documentation/v2/security.md b/Documentation/v2/security.md index 5800c065307..86871dda759 100644 --- a/Documentation/v2/security.md +++ b/Documentation/v2/security.md 
@@ -16,7 +16,7 @@ etcd takes several certificate related configuration options, either through com `--key-file=`: Key for the certificate. Must be unencrypted. -`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. +`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. If [authentication][auth] is enabled, the certificate provides credentials for the user name given by the Common Name field. `--trusted-ca-file=`: Trusted certificate authority. @@ -191,3 +191,4 @@ If you need your certificate to be signed for your member's FQDN in its Subject [tls-setup]: ../../hack/tls-setup [tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md [alt-name]: http://wiki.cacert.org/FAQ/subjectAltName +[auth]: authentication.md
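Review bot: In the `--client-cert-auth` hunk of Documentation/op-guide/security.md, the added sentence "the certificate provides credentials for the user name given by the Common Name field" leaves the operational consequence implicit. As written, it means that once authentication is enabled, a client certificate signed by the CA in `--trusted-ca-file` is enough to act as whichever user its Common Name names, so that CA effectively decides who can be which user. Suggest stating this directly, saying whether a password is still needed when a certificate is presented, and adding that the trusted CA should only issue certificates whose CN matches an intended user.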
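Review bot: The `--client-cert-auth` hunk in Documentation/v2/security.md adds the same Common Name sentence, but the subject line ("op-guide: document CN certs in security.md") scopes the change to op-guide only. Please confirm that the behaviour described also holds for the v2 documentation set, and that the new `[auth]: authentication.md` reference at the end of that file resolves to a document under Documentation/v2/. If both hold, mention v2 in the commit message; if not, drop the sentence and the link definition from the v2 file.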