weizhouapache opened a new issue, #11699: URL: https://github.com/apache/cloudstack/issues/11699
### The required feature described as a wish For internal traffic, it is common practice that HTTPS/TLS is used, but: - the TLS certificates are often self-signed, or issued by an internal CA (not a public one like Let’s Encrypt). - Sometimes services just use the server’s IP address instead of a DNS name. Disabling SSL certificate and hostname verification increases compatibility, allowing CloudStack to interoperate with a wide range of hypervisors, networking equipment, and storage devices. This behavior is intentional by design, to ensure broader support across diverse environments. For example, - Connect to Vmware vCenter - Connect to Xenserver - Connect to some external storage or network devices We could provide more flexibility and also stronger security, including but not limited to - Allow users to bring their own SSL certificates - Support host name (DNS) instead of host ip in SSL communication - Add an option for enforce SSL certificate verification - Add an option for enforce hostname verification -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
