add self-signed certs for *.bosh-lite.com #405
Conversation
this allows releases to be deployed using a known ca so they can do ssl with proper cert verification Signed-off-by: Zach Robinson <zrobinson@pivotal.io>
|
Hey zrob! Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA. |
so we can eventually use 'skip_cert_verify: false' by default the ca needs to get into a bosh-lite box see: cloudfoundry-attic/bosh-lite#405 Signed-off-by: Utako Ueda <uueda@pivotal.io>
|
I think this already should work when executing something like |
|
This puts the ca into the default cert store for each "vm" that the director creates so that jobs in a deploy can trust each other using certs signed by that ca. Is the ca cert you reference available on all "vms" or is it just the director ca? If it's available on every vm then it would work. |
|
@dpb587-pivotal ping |
|
@dpb587-pivotal ping |
|
@zrob pipeline for bosh-lite is busted hence no update. it's not trivial to fix it so it's taking time. |
this allows releases to be deployed using a known ca so they can do ssl
with proper cert verification
Signed-off-by: Zach Robinson zrobinson@pivotal.io