-
-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate self-signed certificates with subject alternative name #300
base: master
Are you sure you want to change the base?
Conversation
Converted the PR to a draft until I had time to look into the CentOS7 issues Travis has. |
Looks to be an idemptonency problem on centos 7, so on second run it complaisn about 2 changed tasks:
The new tasks for Redhat7 as they stand will always create the temp file /tmp/openssl.cnf and delete them - so will fail the idempotency test. Perhaps add a when on the first one so that it only does it if /etc/ssl/st2/st2.key doesn't exist? |
Yes, that'll probably be it. I'll provide an update. |
I'm happy about (re-)reviews of this PR! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
5a6bf68
to
6b055b8
Compare
Now we create self-signed certificates with an SubjectAlternativeName as requested in #293
The openssl version shipped on RedHat/CentOS7 is too old and does not support the SAN attributes to be passed on the command line so it needs an extra configuration file.
close #293