[
https://issues.apache.org/jira/browse/KNOX-1084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-1084:
------------------------------
Fix Version/s: Future
> Extend knoxcli to support multiple hostnames while generating self-signed
> certificates
> --------------------------------------------------------------------------------------
>
> Key: KNOX-1084
> URL: https://issues.apache.org/jira/browse/KNOX-1084
> Project: Apache Knox
> Issue Type: Bug
> Reporter: Jesus Alvarez
> Priority: Minor
> Fix For: Future
>
>
> In some multi-homed network environments, a Knox gateway may have hostnames
> such as:
> {code}
> 123-4-5-5-internal.example.com
> pub2-west-re.example.com
> {code}
> While generating certificates in these types of environments, one approach to
> having host verification resolve on the external and internal CNs is the use
> of subjectAltNames http://wiki.cacert.org/FAQ/subjectAltName
> {code}
> openssl x509 -in temp.crt -text -noout
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 123456 (0x1e240)
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: CN=pub2-west-re.example.com, O=EX, C=US
>         Validity
>             ...
>         Subject: CN=pub2-west-re.example.com, O=EX, C=US
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (4096 bit)
>                 Modulus:
>                     ...
>         X509v3 extensions:
>             X509v3 Subject Alternative Name:
>                 DNS:123-4-5-5-internal.example.com
> {code}
> It would be useful if knoxcli could be extended to support multiple
> hostnames, ex:
> {code}
> bin/knoxcli.sh create-cert --hostname pub2-west-re.example.com \
>   --hostname 123-4-5-5-internal.example.com
> {code}
> Where the first name will continue to be the Issuer and Subject, and the
> 2nd-Nth hostnames will be added as Subject Alternative Name DNS entries.
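An added example (not part of the ticket and not Knox code) of producing the multi-hostname self-signed certificate described above with the openssl CLI, assuming OpenSSL 1.1.1 or later for `-addext`. The function names and the output files `gateway.key` and `gateway.crt` are assumptions. It goes one step beyond the request by listing the first hostname in the SAN as well, because RFC 6125-style verifiers ignore the Subject CN once a DNS SAN entry is present.

```shell
#!/bin/sh
# Added example: function names and file names here are assumptions.

# Build the subjectAltName value from every hostname, including the first.
san_list() {
    out=""
    for h in "$@"; do
        # Accept only letters, digits, dots and hyphens, so a value cannot
        # smuggle extra fields (a comma followed by another entry) into the
        # extension string. Wildcard names are rejected by this check too.
        case "$h" in
            ""|*[!A-Za-z0-9.-]*) echo "invalid hostname: $h" >&2; return 1 ;;
        esac
        out="${out:+$out,}DNS:$h"
    done
    printf '%s\n' "$out"
}

# Self-signed certificate: first hostname becomes the Subject/Issuer CN,
# all hostnames become DNS entries in the Subject Alternative Name.
make_cert() {
    [ "$#" -ge 1 ] || { echo "usage: make_cert host [host...]" >&2; return 1; }
    san=$(san_list "$@") || return 1
    openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 \
        -keyout gateway.key -out gateway.crt \
        -subj "/CN=$1" -addext "subjectAltName=$san"
}

# Confirm that each hostname passes OpenSSL's own host check.
# -checkhost prints "does match" or "does NOT match", so test the text.
check_hosts() {
    crt=$1; shift
    for h in "$@"; do
        openssl x509 -in "$crt" -noout -checkhost "$h" \
            | grep -q 'does match' || return 1
    done
}

# Usage with the hostnames from the ticket:
#   make_cert pub2-west-re.example.com 123-4-5-5-internal.example.com
#   check_hosts gateway.crt pub2-west-re.example.com 123-4-5-5-internal.example.com
```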