Appliance shared TLS certificate #1272
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
approved these changes
Dec 20, 2017
|
yes i will definitely be making sure everything on the appliance uses this. i'm waiting until your systemd refactor merges first :-) |
andrewtchin
force-pushed
the
1179/landing-page
branch
from
9c57eaf to
e5dd891
Compare
andrewtchin
changed the title
|
make sure this survives rebase #1381 |
andrewtchin
force-pushed
the
1179/landing-page
branch
from
83ca04e to
e2d0996
Compare
|
|
|
@morris-jason ready for another review |
ghost
approved these changes
Feb 6, 2018
| @@ -5,6 +5,8 @@ Documentation=https://github.com/vmware/vic-product | |||
| [Service] | |||
| Type=oneshot | |||
| ExecStart=/etc/vmware/vic-appliance-environment.sh | |||
| Requires=ovf-network.service | |||
There was a problem hiding this comment.
probably want network-online.target here too.
|
|
||
| func getTLSCertFingerprint() string { | ||
| certFile := "/storage/data/certs/server.crt" | ||
| if _, err := os.Stat(certFile); err == nil { |
There was a problem hiding this comment.
Could this be simplified to:
func getTLSCertFingerprint() string {
certFile := "/storage/data/certs/server.crt"
certPEM, e := ioutil.ReadFile(certFile)
if e != nil {
log.Debugf("Read error: %s", e.Error())
return certNotAvail
}
block, _ := pem.Decode([]byte(certPEM))
if block == nil {
log.Debugf("Parse error")
return certNotAvail
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
log.Debugf("Parse error: %s", err.Error())
return certNotAvail
}
return fmt.Sprintf("% X", sha1.Sum(cert.Raw))| if err != nil { | ||
| return fmt.Sprintf("Parse error: %s", err.Error()) | ||
| } | ||
| return fmt.Sprintf("% X", sha1.Sum(cert.Raw)) |
There was a problem hiding this comment.
Should this be "%X" instead of "% X"? Does the extra space break this?
There was a problem hiding this comment.
space adds a space after each octet for readability
andrewtchin
force-pushed
the
1179/landing-page
branch
from
2c68ab0 to
f72e592
Compare
- Shares the same TLS certificate for all services running on the appliance - Places the certificate in a well known location - Simplify manifest for files included in appliance - Displays cert fingerprint to DCUI - Automatically convert private key to correct format - Update appliance-support.sh and SUPPORT.md - Move hostname detection for cert generation to vic-appliance-environment
andrewtchin
force-pushed
the
1179/landing-page
branch
from
824cad4 to
0b26eee
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #881
Fixes #1007
Towards #1179
tested with
generated self signed DHCP
generated self signed static
custom cert DHCP
custom cert static