You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Similar to the "soft-failures" we have on image import, we could probably decode the certificate and verify that either the the CN or SAN covers the computed silo url {silo}.sys.{domain}. Less useful for long term users, but likely nice for initial silo creation.
Seems like a quick win, design work is minimal since we can just reuse the pattern from image import. @augustuswm have you got a test cert you could send to play with.
The text was updated successfully, but these errors were encountered:
You can change the value of the subject CN by altering the CN=<silo.sys.<domain> part, and you can change the SAN entries by editing the DNS:<silo>.sys.<domain> part. I think for this initial check we can look so see if the silo is covered by either of those, including if one is specified as a wildcard (i.e. *.sys.<domain>)
#2578 (comment)
Seems like a quick win, design work is minimal since we can just reuse the pattern from image import. @augustuswm have you got a test cert you could send to play with.
The text was updated successfully, but these errors were encountered: