Provide a Root CA when creating/updating service broker #825
Comments
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/145909391 The labels on this github issue will be updated when the story is started. |
@drnic We're putting together a track of work to remove the |
Hey @drnic |
It’s only important to me if it’s important to you :)
…________________________________
From: Matt McNeeney <[email protected]>
Sent: Monday, September 3, 2018 8:16 pm
To: cloudfoundry/cloud_controller_ng
Cc: Dr Nic Williams; Mention
Subject: Re: [cloudfoundry/cloud_controller_ng] Provide a Root CA when creating/updating service broker (#825)
Hey @drnic
We're just taking a look at this issue; is this still something that is important for you?
Thanks!
|
This still sounds valuable to me. We've been working on turning http to https everywhere we can. This can be done for brokers if the brokers are using a cert that the vm cc is running on trusts, but doesn't allow operators to easily opt-in to self-signed certs without putting them into the cc vm trust store. |
I think that platform to service broker communication still supports both
HTTP and HTTPS though. Are/were there plans to disable HTTP?
…On Wed, 12 Sep 2018 at 22:35, Zach Robinson ***@***.***> wrote:
This still sounds valuable to me. We've been working on turning http to
https everywhere we can. This can be done for brokers if the brokers are
using a cert that the vm cc is running on trusts, but doesn't allow
operators to easily opt-in to self-signed certs without putting them into
the cc vm trust store.
|
Closing for now, but will reopen if this becomes a blocker for anyone! |
Reopening this since cf-for-k8s redirects See this Slack convo where @reneighbor ran into this today: |
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/175213714 The labels on this github issue will be updated when the story is started. |
Now that we (the cf-for-k8s team) understand this better, we're thinking that we may need a K8s implementation of this: https://bosh.io/docs/trusted-certs/, so that we could potentially use a self-signed CA by adding it to the trust store for [at least] the necessary containers. Does that make sense to you, cake folks? |
Closing this since cf-for-k8s is no longer under active development |
When I register or update a service broker, I'd like to offer https:// URLs to my broker but the SSL certs are often self-signed. I'd like to be able to have users register my broker with the matching root CA for the SSL/TLS certs please.

Currently, if the service broker has self-signed certs then I'm required to downgrade to accessing/registering the broker via http://
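
The per-broker trust this issue asks for, sketched as an added example (not code from cloud_controller_ng or from anyone in this thread): each broker's root CA goes into its own certificate store instead of the host trust store, so accepting one broker's private CA does not extend trust to any other endpoint. The helper names, hostnames and certificates are constructed for illustration.

```ruby
require 'openssl'

# Build a cert for the constructed sample PKI (self-signed when no issuer is given).
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, needed for extensions
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san}")) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical per-broker setting: a store holding only the CA registered with that broker.
def broker_store(ca_pem)
  OpenSSL::X509::Store.new.tap { |s| s.add_cert(OpenSSL::X509::Certificate.new(ca_pem)) }
end

# The behaviour described in the thread: only CAs in the host's trust store are accepted.
def system_store
  OpenSSL::X509::Store.new.tap(&:set_default_paths)
end

# Chain validation and hostname matching are separate checks; both must pass.
def broker_cert_ok?(store, cert, host)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Constructed scenario: two brokers, each with its own private root CA.
def sample_results
  ka, kb, la, lb = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  ca_a = make_cert('/CN=Broker A Root CA', ka, ca: true)
  ca_b = make_cert('/CN=Broker B Root CA', kb, ca: true)
  a = make_cert('/CN=broker-a', la, issuer: ca_a, issuer_key: ka, san: 'broker-a.example.internal')
  b = make_cert('/CN=broker-b', lb, issuer: ca_b, issuer_key: kb, san: 'broker-b.example.internal')
  store_a = broker_store(ca_a.to_pem)
  { system_store_accepts_a: broker_cert_ok?(system_store, a, 'broker-a.example.internal'),
    broker_a_store_accepts_a: broker_cert_ok?(store_a, a, 'broker-a.example.internal'),
    broker_a_store_accepts_b: broker_cert_ok?(store_a, b, 'broker-b.example.internal'),
    broker_a_store_wrong_host: broker_cert_ok?(store_a, a, 'broker-b.example.internal') }
end

p sample_results if $PROGRAM_NAME == __FILE__
```

With Net::HTTP the same store is applied to a single connection through cert_store, with verify_mode set to OpenSSL::SSL::VERIFY_PEER.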