Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document the purpose of the VCH cert that you can download from UI #1280

Closed
stuclem opened this issue Jan 4, 2018 · 0 comments
Closed

Document the purpose of the VCH cert that you can download from UI #1280

stuclem opened this issue Jan 4, 2018 · 0 comments
Assignees
@stuclem
Labels
area/pub/vsphere Published documentation for vSphere administrators area/pub Published documentation for end-users product/engine Related to the vSphere Integrated Containers Engine product/ova Related to the OVA packaging of vSphere Integrated Containers

Comments

@stuclem
Copy link
Contributor

stuclem commented Jan 4, 2018

@stuclem commented on Tue Dec 19 2017

This is a question rather than an issue.

You can download the VCH certificate from the UI:

vch_cert

However, @zjs informed me via Slack that this is the server certificate, and that auto-generated client certs are not supported with the Create VCH wizard.

My question is why would you need to download the server certificate? Surely the client certificate, key, and CA are the ones that you need to download and distribute, not the server cert?

@jak-atx commented on Tue Dec 19 2017

I actually had the same question when talking with @pdaigle yesterday about the certs. I think we need to figure out what the rationale was behind this and what is the actual desired functionality.
cc: @lweitzman @zjs

@zjs commented on Wed Jan 03 2018

If you want the docker client to verify that it is connecting to the expected server (versus just establishing an encrypted connection to any server), you may want to supply the server certificate.

That is, it would be used with the --tlsverify client mode when not using server certificate signed by a trusted certificate authority.

@stuclem commented on Thu Jan 04 2018

OK, thanks @zjs. Is the ability to download a client cert from the UI in the plans for a future release?

@stuclem commented on Thu Jan 04 2018

Moving to vic-product for documentation.
@stuclem stuclem mentioned this issue Jan 4, 2018
Closed
@stuclem stuclem changed the title What is the purpose of the VCH cert that you can download from UI? Document the purpose of the VCH cert that you can download from UI Jan 4, 2018
@stuclem stuclem self-assigned this Jan 4, 2018
@stuclem stuclem added product/ova Related to the OVA packaging of vSphere Integrated Containers product/engine Related to the vSphere Integrated Containers Engine area/pub Published documentation for end-users priority/high area/pub/vsphere Published documentation for vSphere administrators labels Jan 4, 2018
@stuclem stuclem mentioned this issue Jan 9, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stuclem stuclem

Labels
area/pub/vsphere Published documentation for vSphere administrators area/pub Published documentation for end-users product/engine Related to the vSphere Integrated Containers Engine product/ova Related to the OVA packaging of vSphere Integrated Containers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stuclem