Merge "Remote CLI: Client container doesn't trust the CA."

2021-06-09 11:53:16 +00:00 · 2021-06-09 11:53:16 +00:00 · 4b5670df3c
commit 4b5670df3c
parent 2a6199a097 ff0c830115
1 changed files with 16 additions and 0 deletions
--- a/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst
+++ b/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst
@ -26,6 +26,22 @@ certificates.
 Put the |PEM| encoded versions of the certificate and key in a single file,
 and copy the file to the controller host.

+.. note::
+    If you plan to use the container-based remote CLIs, due to a limitation
+    in the Python2 SSL certificate validation, the certificate used for the
+    'ssl' certificate must either have:
+
+    #.  CN=IPADDRESS and SANs=empty
+
+        or
+
+    #.  CN=FQDN and SANs=FQDN
+
+    where IPADDRESS and FQDN are for the OAM Floating IP Address.
+
+    We recommend that you use the option 2, as CN is technically a deprecated
+    field in the certificate.
+
 .. rubric:: |proc|

 -   Install/update the copied certificate.