Add DNS to subjectAltName in Self-Signed Certificate
According to [1]: IP address used in the IP options can be in either IPv4 or IPv6 format. DNS can be used for IPv4 only, IPv6 only and dual stack. Also should have FQDNs in subjectAltName per current[2]. [1] https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html [2] https://support.google.com/chrome/a/answer/7391219 Partially-Implements: blueprint ipv6-control-plane Change-Id: Ibad8f8c734984aeda8ddac1a5db39875bc242bbf
This commit is contained in:
parent
15ce0e0600
commit
aa45d379a0
@ -14,3 +14,9 @@ subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
IP.1 = {{ kolla_external_vip_address }}
|
||||
# NOTE(Xing Zhang): Add IPv6 external VIP address to IP.2 when
|
||||
# ipv6-control-plane is implemented.
|
||||
#IP.2 =
|
||||
{% if kolla_external_fqdn != kolla_external_vip_address %}
|
||||
DNS.1 = {{ kolla_external_fqdn }}
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user