[Enhancement] Add support for multiple DNS names in SAN to dockertls. #182
Comments
I intend to put up a pull request for this enhancement.
estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue, Aug 9, 2017
This change adds an environment variable to supply additional DNS names to include in the SAN of the certificate that gets generated. StefanScherer#182
estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue, Aug 9, 2017
Refactored environment variable ADDITIONAL_NAMES to ALTERNATIVE_NAMES. Refactored logic that generated Subject Alternative Names to support generation of multiple DNS alternative names from a comma separated list. Refactored run.ps1 to support taking parameters in addition to environment variables. StefanScherer#182
estenrye pushed a commit to estenrye/dockerfiles-windows that referenced this issue, Aug 9, 2017
Encountered a bug when ALTERNATIVE_NAMES is not supplied. Added null or whitespace checks to skip adding IP Addresses or Alternative Names when those values are not supplied. StefanScherer#182
@estenrye Thank you. Sounds reasonable. Seems like you also want to write a Cucumber integration test 👍 😃
Closed with #183
Use Case:
WHEN a common DNS name exists for all managers in a swarm (e.g. manager.nonprod.blah.io)
AND each node must support communication using the following DNS name examples
COMPUTERNAME
COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN
manager.nonprod.blah.io
AND each node in the swarm has DockerTLS enabled using the stefanscherer/dockertls-windows image
THEN
dockerhost -H COMPUTERNAME ps
should execute successfully
AND
dockerhost -H COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN ps
should execute successfully
AND
dockerhost -H manager.nonprod.blah.io ps
should execute successfully.

Suggested Implementation
Add a parameter to createCerts to supply an array of additional DNS names.
Modify the following line of createCerts to iterate over the array of additional DNS names and include them in the subjectAltName.
"subjectAltName = " + (($ipAddresses.Split(',') | ForEach-Object { "IP:$_" }) -join ',') + ",DNS.1:$serverName" | Out-File extfile.cnf -Encoding Ascii
Use an environment variable $env:ALTERNATIVE_NAMES to load the array of additional DNS names as a comma separated list.
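
One way to build the subjectAltName line described in the suggested implementation, as an added PowerShell example that is not part of the original issue or the project's createCerts code. The function name New-SubjectAltNameLine, its parameters and the sample values are assumptions; it skips empty inputs, as the later commit message describes, and rejects values that are not plain IP addresses or host names so nothing else reaches extfile.cnf.

```powershell
# Added example: hypothetical helper, not the project's createCerts code.
function New-SubjectAltNameLine {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [string] $IpAddresses,       # comma separated list, may be empty
        [string] $AlternativeNames   # comma separated list, may be empty
    )

    $entries = [System.Collections.Generic.List[string]]::new()

    # Skip the IP entries entirely when no addresses were supplied.
    if (-not [string]::IsNullOrWhiteSpace($IpAddresses)) {
        foreach ($ip in $IpAddresses.Split(',')) {
            $ip = $ip.Trim()
            if ($ip -eq '') { continue }
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($ip, [ref] $parsed)) {
                throw "Not an IP address: '$ip'"
            }
            $entries.Add("IP:$ip")
        }
    }

    # Server name first, then the optional alternative names.
    $dnsNames = @($ServerName)
    if (-not [string]::IsNullOrWhiteSpace($AlternativeNames)) {
        $dnsNames += $AlternativeNames.Split(',')
    }

    # De-duplicate case-insensitively and number entries as DNS.1, DNS.2, ...
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $label = '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
    foreach ($name in $dnsNames) {
        $name = $name.Trim()
        if ($name -eq '') { continue }
        # Every dot-separated label must be letters, digits or hyphens only,
        # which keeps commas, spaces and newlines out of the extension file.
        foreach ($part in $name.Split('.')) {
            if ($part -notmatch $label) { throw "Not a valid DNS name: '$name'" }
        }
        if ($seen.Add($name)) { $entries.Add("DNS.$($seen.Count):$name") }
    }

    "subjectAltName = " + ($entries -join ',')
}

# Constructed sample values; the result is written the same way the issue's line does.
New-SubjectAltNameLine -ServerName 'node1' -IpAddresses '10.0.0.5,127.0.0.1' `
    -AlternativeNames 'node1.corp.example, manager.nonprod.blah.io' |
    Out-File extfile.cnf -Encoding Ascii
```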