Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Platform] Make client cert optional in custom certs workflow #7655

Closed
iSignal opened this issue Mar 15, 2021 · 2 comments
Closed

[Platform] Make client cert optional in custom certs workflow #7655

iSignal opened this issue Mar 15, 2021 · 2 comments
Assignees
@hkandala
Labels
area/platform Yugabyte Platform priority/high High Priority
Projects
Platform
Milestone
2.7.x

Comments

@iSignal
Copy link
Contributor

iSignal commented Mar 15, 2021

After the work related to #7153 (comment) we no longer need a client cert by default to connect to a TLS enabled universe. We need to simplify our custom certs flow to make the client cert part optional. When the user creates an onprem universe that points to a custom cert and checks "client to node encryption in transit", we should not fail the operation if the custom cert does not contain a client cert.
@iSignal iSignal added the area/platform Yugabyte Platform label Mar 15, 2021
@streddy-yb streddy-yb added this to Backlog in Platform Mar 22, 2021
@streddy-yb streddy-yb added this to the 2.7.x milestone Mar 22, 2021
@streddy-yb streddy-yb added the priority/high High Priority label Mar 22, 2021
@streddy-yb streddy-yb moved this from Backlog to To do in Platform Mar 22, 2021
@sshev
Copy link
Collaborator

sshev commented Mar 26, 2021

@hkandala the client cert field at Add Certificate modal is already optional in UI
let me know if there are any additional changes required on UI

@sshev sshev removed their assignment Mar 26, 2021
@hkandala hkandala moved this from To do to In progress in Platform Apr 1, 2021
@hkandala
Copy link
Contributor

hkandala commented Apr 5, 2021

No changes are needed from backend too.
Verified the code flow and client certificates are considered optional everywhere.
Also verified by creating on-prem universe with client to node encryption enabled using custom certificates (without client cert). Was able to successfully create and connect to the universe.

@hkandala hkandala closed this as completed Apr 5, 2021
@hkandala hkandala moved this from In progress to Closed in Platform Apr 5, 2021
@streddy-yb streddy-yb moved this from Closed to Needs QA/Docs in Platform Apr 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hkandala hkandala

Labels
area/platform Yugabyte Platform priority/high High Priority
Projects
Platform
  
Needs QA/Docs
Milestone
2.7.x
Development

No branches or pull requests
4 participants
@iSignal @hkandala @sshev @streddy-yb