Document certificate generation and TLS verify #2217

Closed
stuclem opened this issue Sep 1, 2016 · 10 comments

@stuclem
Contributor

stuclem commented Sep 1, 2016

Per #2197. No milestone yet.

@stuclem stuclem added the impact/doc/user Requires changes to official user documentation label Sep 1, 2016
@stuclem stuclem self-assigned this Sep 1, 2016
@stuclem
Contributor Author

stuclem commented Sep 1, 2016

Requires update in both app dev and install, as there will be vic-machine create updates.

@stuclem
Contributor Author

stuclem commented Sep 7, 2016

#2197 is now in the ice box.

@stuclem
Contributor Author

stuclem commented Oct 4, 2016

#2197 is still in the ice box, but is fixed in PR #2553. Moving this to To Do.

@stuclem stuclem changed the title Document docker user authentication Document certificate generation and TLS verify Oct 4, 2016
@mdubya66 mdubya66 added this to the Doc for GA milestone Oct 7, 2016
@stuclem
Contributor Author

stuclem commented Oct 11, 2016

#2197 is fixed in PR #2629 (not merged) and #2553 (merged).

@stuclem
Contributor Author

stuclem commented Oct 12, 2016

vic-machine create now presents the following new options:

  • --client-verification-ca
  • --no-tlsverify
  • --cname value

The following options appear if you specify --advanced-options:

  • --certificate-key-size
  • --organisation

@hickeng
Member

hickeng commented Oct 12, 2016

@stuclem FYI the --cname option will become --tls-cname in #2633 to make it more evident that it's grouped with --no-tls and --no-tlsverify

@stuclem
Contributor Author

stuclem commented Oct 13, 2016

#2676 (env file) is related to the TLS implementation.

@stuclem stuclem added the Epic Represents a ZenHub Epic label Oct 13, 2016
@stuclem
Contributor Author

stuclem commented Oct 17, 2016

From @hickeng via Slack:

George Hicken [7:20 PM]
If you're specifying a staticIP you can skip any tls options

Stuart Clements [7:25 PM]
I see. Maybe better not to mention that, if it's a transient state pending the arrival of the final implementation

George Hicken [7:26 PM]
nah, that should be there to stay.

Stuart Clements [7:26 PM]
ok, can add that as a note in the sections on static IP and TLS

George Hicken [7:26 PM]
That way you can do:
vic-machine create -client-network-ip=my-vch.eng.vmare.com --client-network-gateway=x.x.x.x/yy
and have it work appropriately

Stuart Clements [7:27 PM]
and then you don't need TLS?

George Hicken [7:27 PM]
My working assumption is that's the most likely usage scenario (is to have a DNS name for the client IP) so figured I'd make it easy

[7:28]
If you don't specify any TLS options in that scenario it's the same as saying --tls-cname=my-vch.eng.vmare.com

@stuclem stuclem removed the Epic Represents a ZenHub Epic label Nov 4, 2016
@stuclem
Contributor Author

stuclem commented Nov 4, 2016

Everything in this issue is done, although TLS still needs work.

@stuclem stuclem closed this as completed Nov 8, 2016