You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, we use cert_hash to configure the https bindings for are particular website. If you know all of the cert's hashes installed on the system nomad tasks are being deployed to, this is great! However, in larger environments, this is a bit unwieldy. To get around this, I am proposing a way for folks to set their cert or maybe cert_name config to point to the CN the cert's subject is providing.
This should find latest cert matching that particular wildcard cert. I don't want to perform a best match with this config (at this time). It will be purely explicit, so if your cert only provides awesomeapi.local.domain, then cert must be the same string value.
This should also allow for cert automation to happen behind the scenes and folks won't have to update their job specs, but rather trigger a reallocation and the cert find function should pick the cert that matches and expires last.
The text was updated successfully, but these errors were encountered:
Currently, we use
cert_hash
to configure thehttps
bindings for are particular website. If you know all of the cert's hashes installed on the system nomad tasks are being deployed to, this is great! However, in larger environments, this is a bit unwieldy. To get around this, I am proposing a way for folks to set theircert
or maybecert_name
config to point to the CN the cert's subject is providing.An example config:
This should find latest cert matching that particular wildcard cert. I don't want to perform a best match with this config (at this time). It will be purely explicit, so if your cert only provides
awesomeapi.local.domain
, thencert
must be the same string value.This should also allow for cert automation to happen behind the scenes and folks won't have to update their job specs, but rather trigger a reallocation and the cert find function should pick the cert that matches and expires last.
The text was updated successfully, but these errors were encountered: