Fix 14882 (http://projects.theforeman.org/issues/14882) #510
There were the following issues with the commit message:
If you don't have a ticket number, please create an issue in Redmine. More guidelines are available in Coding Standards or on the Foreman wiki. This message was auto-generated by Foreman's prprocessor
ok to test or [test]
Should we consider security issues associated with automatic enabling of alt-names in certificates? Perhaps this option should be requested explicitly in foreman ui/cli and passed on to smart-proxy? @domcleal, @brandonweeks -- thoughts?
Yeah, it can't be enabled unilaterally - either via configuration and/or by request.
One addition, trusted extensions (https://docs.puppet.com/puppet/4.10/ssl_attributes_extensions.html#puppet-specific-registered-ids
@elconas: Are you planning on introducing a config option to enable/disable this feature?
Alternatively, you could pass a request parameter to enable signing of alt name requests.
I wonder if a list of allowed names would make sense.
@elconas: are you planning to continue the work on this PR?
Another similar problem is that if you have trusted extension enabled (see https://docs.puppet.com/puppet/4.10/ssl_attributes_extensions.html) those are also not visible in the foreman gui:
So addressing this issue properly would mean:
As I am not a Ruby on Rails developer, I am not able to provide a proper fix in an acceptable time :(
Much needed feature, manually patched this on a test server and seems to be working fine, with a few additions (showing the SANs on the foreman cert table) this would be perfect. Thanks for doing this!
Thanks for the patch so far, this needs to be a configurable option, possibly with a list of hostnames as folks suggest. Please rebase, add config option, tests and reopen or file a new PR if you want this functionality. I am closing for now.
This one allows signing of DNS alt name requests
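
The opt-in and allowed-names policy the reviewers ask for, sketched as an added example that is not part of this PR or of smart-proxy's code. The method names, the `enabled`/`allowed` parameters and the sample host names are assumptions made for illustration.

```ruby
require 'openssl'

SAN_OID = '2.5.29.17' # subjectAltName

# Returns the alt names requested in a CSR's extension-request attribute.
# dNSName entries come back lowercased; any other GeneralName type is
# reported as "other:<tag>" so it can never match an allowlist entry.
def requested_alt_names(csr)
  csr.attributes.select { |a| %w[extReq msExtReq].include?(a.oid) }.flat_map do |attr|
    attr.value.value.flat_map do |ext_list|    # SET -> SEQUENCE OF Extension
      ext_list.value.flat_map do |ext|         # Extension ::= SEQUENCE
        next [] unless ext.value.first.oid == SAN_OID
        general_names = OpenSSL::ASN1.decode(ext.value.last.value)
        general_names.value.map { |gn| gn.tag == 2 ? gn.value.downcase : "other:#{gn.tag}" }
      end
    end
  end
end

# Hypothetical policy: alt names are signed only when explicitly enabled and
# every requested name is the CSR's own CN or on the configured allowlist.
# Returns [:sign, []] or [:reject, <names that blocked signing>].
def alt_name_decision(csr, enabled:, allowed: [])
  requested = requested_alt_names(csr)
  return [:sign, []] if requested.empty?
  return [:reject, requested] unless enabled
  cn = csr.subject.to_a.assoc('CN')&.at(1)
  denied = requested - (allowed + [cn]).compact.map(&:downcase)
  denied.empty? ? [:sign, []] : [:reject, denied]
end

# Constructed sample CSR (names are made up) carrying the given SAN string.
def sample_csr(cn, san)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', cn]])
  csr.public_key = key.public_key
  ext = OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', san)
  csr.add_attribute(OpenSSL::X509::Attribute.new(
    'extReq', OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])))
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end
```

With this shape, a CSR that asks for a name outside the allowlist, or for a non-DNS alt name such as an IP address, is rejected with the offending entries listed so they can be shown to whoever approves certificates.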