Remote CLI: Client container doesn't trust the CA.

Added note. Patch 1: Worked on Ayyappa comments. Patch 2: Worked on Greg's comments. Patch 3: Worked on Mary's comments. Patch 4: Fixed typo. Signed-off-by: egoncalv <elisamaraaoki.goncalves@windriver.com> Change-Id: I27aab71790f8f21099189b8c2557627203186e9d
2021-06-03 10:23:18 -03:00 · 2021-06-03 10:23:18 -03:00 · ff0c830115
commit ff0c830115
parent 7ce412da79
1 changed files with 16 additions and 0 deletions
--- a/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst
+++ b/doc/source/security/kubernetes/install-update-the-starlingx-rest-and-web-server-certificate.rst
@ -26,6 +26,22 @@ certificates.
 Put the |PEM| encoded versions of the certificate and key in a single file,
 and copy the file to the controller host.

+.. note::
+    If you plan to use the container-based remote CLIs, due to a limitation
+    in the Python2 SSL certificate validation, the certificate used for the
+    'ssl' certificate must either have:
+
+    #.  CN=IPADDRESS and SANs=empty
+
+        or
+
+    #.  CN=FQDN and SANs=FQDN
+
+    where IPADDRESS and FQDN are for the OAM Floating IP Address.
+
+    We recommend that you use the option 2, as CN is technically a deprecated
+    field in the certificate.
+
 .. rubric:: |proc|

 -   Install/update the copied certificate.