Add DNS to subjectAltName in Self-Signed Certificate

According to [1]:
IP address used in the IP options can be in either IPv4 or IPv6 format.
DNS can be used for IPv4 only, IPv6 only and dual stack.

Also should have FQDNs in subjectAltName per current[2].

[1] https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
[2] https://support.google.com/chrome/a/answer/7391219

Partially-Implements: blueprint ipv6-control-plane

Change-Id: Ibad8f8c734984aeda8ddac1a5db39875bc242bbf
This commit is contained in:
Xing Zhang 2019-09-04 14:20:33 +08:00
parent 15ce0e0600
commit aa45d379a0
No known key found for this signature in database
GPG Key ID: 43F80E57B910E3B0

View File

@ -14,3 +14,9 @@ subjectAltName = @alt_names
[alt_names] [alt_names]
IP.1 = {{ kolla_external_vip_address }} IP.1 = {{ kolla_external_vip_address }}
# NOTE(Xing Zhang): Add IPv6 external VIP address to IP.2 when
# ipv6-control-plane is implemented.
#IP.2 =
{% if kolla_external_fqdn != kolla_external_vip_address %}
DNS.1 = {{ kolla_external_fqdn }}
{% endif %}