You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A typical windows server often already contains TLS certificates in the certificate store which have however expired.
The current NATS configuration only allows for matching a subject or an issuer of the certificate, so nothing unique (like a hash), and it also doesn't care about certificate validity
Proposed Change:
Add an option to skip expired certificate when searching for a match in the certificate store
Who Benefits From The Change(s)?
Administrators configuring NATS server instances
Alternative Approaches
Add another configuration option for searching for a certificate hash.
The text was updated successfully, but these errors were encountered:
Makes sense to allow Windows repeated search until no more hits or a time valid cert (whichever first). Thanks for the contribution @dmpriso . I will review the PR.
Feature Request
Previously started here: #2130 (comment)
Use Case:
A typical windows server often already contains TLS certificates in the certificate store which have however expired.
The current NATS configuration only allows for matching a subject or an issuer of the certificate, so nothing unique (like a hash), and it also doesn't care about certificate validity
Proposed Change:
Add an option to skip expired certificate when searching for a match in the certificate store
Who Benefits From The Change(s)?
Alternative Approaches
Add another configuration option for searching for a certificate hash.
The text was updated successfully, but these errors were encountered: