Architecture #18784: Reuse agent certificates for HTTPS communication (closed)
Architecture #19492: Add policy server certificate information to policies
Status: Released
Priority: N/A
Assignee:
Category: Web - Config management
Target version:
Fix check: To do
Regression:
Description
We need:
- The root and parent policy server's certificate in .pem format, in the inputs/certs folder:
  - root.pem
  - policy-server.pem (which can be a symbolic link to root.pem if it's not a different relay)
- A hash of the policy server public key in rudder.json on all nodes, named POLICY_SERVER_KEY_HASH. This format is the one used in HPKP:

    # base64(sha256(x509pubkey.der))
    openssl x509 -in my-certificate.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

  It should look like sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=
- Change the format for SUB_NODES_KEYHASH from nodeInfo.sha256KeyHash to that one (i.e. we need to add the base64 encoding, and change the sha256: to sha256//)
This hash should also be displayed in the node details.
(note to dev: check that the base64 algo is really the one used by openssl)
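The hash format described above, as an added example that is not part of the ticket or of Rudder's code. The function names are hypothetical, the sample key bytes are constructed, and the old value is assumed to be `sha256:` followed by the hex digest.

```python
import base64
import binascii
import hashlib
import re

PIN_PREFIX = "sha256//"

def pin_from_spki_der(spki_der: bytes) -> str:
    """base64(sha256(SubjectPublicKeyInfo DER)), standard alphabet with padding."""
    digest = hashlib.sha256(spki_der).digest()
    return PIN_PREFIX + base64.b64encode(digest).decode("ascii")

def pin_from_public_key_pem(pem: str) -> str:
    """Hash the PEM emitted by `openssl x509 -pubkey -noout` (a PUBLIC KEY block)."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found")
    # The PEM body is the base64 of the same DER that `openssl pkey -outform der` writes.
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return pin_from_spki_der(der)

def pin_from_legacy(legacy: str) -> str:
    """Convert an old value, assumed to be 'sha256:<64 hex chars>', to the new format."""
    m = re.fullmatch(r"sha256:([0-9a-fA-F]{64})", legacy)
    if not m:
        raise ValueError("not a sha256:<hex> value")
    return PIN_PREFIX + base64.b64encode(bytes.fromhex(m.group(1))).decode("ascii")

def is_valid_pin(value: str) -> bool:
    """Accept only sha256// followed by strict standard base64 of a 32-byte digest."""
    if not value.startswith(PIN_PREFIX):
        return False
    try:
        # validate=True rejects URL-safe characters (- and _) and stray whitespace.
        raw = base64.b64decode(value[len(PIN_PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) == 32

# Constructed sample: a P-256 SubjectPublicKeyInfo header followed by filler bytes.
# It has the right structure for hashing but is not a usable key.
SAMPLE_SPKI_DER = (bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
                   + b"\x04" + bytes(range(64)))
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(SAMPLE_SPKI_DER).decode("ascii")
              + "-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print(pin_from_public_key_pem(SAMPLE_PEM))
```

The strict decode in `is_valid_pin` covers the note to dev: `openssl enc -base64` emits the standard alphabet with `=` padding, so a URL-safe or unpadded encoder would produce values that fail this check.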
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by François ARMAND over 4 years ago
- Description updated (diff)
Updated by François ARMAND over 4 years ago
- Description updated (diff)
Updated by Alexis Mousset over 4 years ago
- Description updated (diff)
Updated by François ARMAND over 4 years ago
- Description updated (diff)
Updated by François ARMAND over 4 years ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND over 4 years ago
Also, change the object name CFengineKey to NodeKeyHashes which is more akin to what we do now.
Change return type to IOResult, as we do in 2021.
Updated by François ARMAND over 4 years ago
- Related to Architecture #19527: Rename POLICY_SERVER_KEY and POLICY_SERVER_KEY_HASH added
Updated by François ARMAND over 4 years ago
I'm creating another ticket for the addition of the two certificate files during generation.
Updated by François ARMAND over 4 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/3713
Updated by François ARMAND over 4 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|020e365504eeb11a17e067efd130ab940eec77b8.
Updated by Vincent MEMBRÉ over 4 years ago
This bug has been fixed in Rudder 7.0.0~beta1 which was released today.
Updated by Vincent MEMBRÉ over 4 years ago
- Related to Architecture #19524: Homogeneize nodeslist.json with rudder.json added
Updated by Vincent MEMBRÉ over 4 years ago
- Status changed from Pending release to Released