Ingestion-driven managed-cert row creation (sub-task of #40639) #44345

@mostlikelee

Description

Part of #40639.

Extend UpdateHostCertificates to insert host_mdm_managed_certificates rows when an ingested cert's Subject contains a fleet-<profile_uuid> marker but no matching managed-cert row exists. Today this function only updates existing rows — non-proxied flows (Hydrant, Okta SCEP) have no proxy step that would create the row at issuance.

Verify the extracted profile_uuid resolves to a profile installed on the host before inserting. Core change of Phase 2.
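
The decision described above, as an added Go example (not Fleet's code and not written by the issue author). `Decide`, `Action`, the marker regex and the two lookup maps are hypothetical stand-ins, and the marker token format is an assumption; the point is that a marker read from an ingested Subject only leads to an insert after it resolves to a profile installed on that host.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumption: the marker token is letters, digits and hyphens after "fleet-".
var markerRe = regexp.MustCompile(`fleet-([0-9A-Za-z][0-9A-Za-z-]{0,63})`)

type Action string

const (
	Skip       Action = "skip"       // no marker in the Subject
	Update     Action = "update"     // row already exists: update only
	Insert     Action = "insert"     // marker verified, row missing
	Unverified Action = "unverified" // marker names no profile installed on this host
)

// Decide classifies one ingested certificate Subject for one host.
// installed: profile UUIDs installed on the host; managed: UUIDs that already
// have a managed-cert row. Both are hypothetical stand-ins for datastore lookups.
func Decide(subject string, installed, managed map[string]bool) (Action, string) {
	m := markerRe.FindStringSubmatch(subject) // first marker only
	if m == nil {
		return Skip, ""
	}
	uuid := m[1]
	switch {
	case managed[uuid]:
		return Update, uuid
	case !installed[uuid]:
		// The Subject is reported data; never create a row from it alone.
		return Unverified, uuid
	default:
		return Insert, uuid
	}
}

func main() {
	const p = "a1b2c3d4-0000-4000-8000-000000000001" // constructed sample UUID
	installed := map[string]bool{p: true}
	for _, s := range []string{ // constructed sample subjects
		"CN=laptop-7 fleet-" + p + ",O=Example",
		"CN=myfleet-prod,O=Example",
		"CN=laptop-7,O=Example",
	} {
		a, id := Decide(s, installed, map[string]bool{})
		fmt.Printf("%-10s %q\n", a, id)
	}
}
```

The second sample subject shows why the check matters: a substring match on `fleet-` alone would treat `prod` as a profile UUID.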

Metadata

Assignees

Labels

#g-security-compliance: Security & Compliance product group
customer-cisneros-a
~sub-task: A technical sub-task that is part of a story. (Not QA'd. Not estimated.)

Type

No type

Projects

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests
