Comments (4)
If that is an optional parameter I see no problem having that functionality. It would be a great addition.
I guess one scenario would be when you want to try to monitor each back-end from the load balancer. Or just manually test if each node work, and don't want to get certificate error.
Wildcard certificates are only good (security-wise) if you can make a sub dns zone. Would not want a wildcard certificate on the top level dns zone.
from certificatedsc.
@johlju - for sure - totally agree with you 100%. I think at the moment the SubjectAltName is already an optional parameter. So it wouldn't affect any existing usage scenarios.
So, basically if you're already using the resource then this won't be a breaking change and people can still go ahead and create wildcard certs, it's just our security team prefer that we don't
Does that make sense?
from certificatedsc.
Ah, now I see, I miss read you suggestion above. I thought you wanted add a new boolean parameter that would trigger this functionality. But I see now that you meant that if the user adds the "tag" {ComputerName}
and/or {FQDN}
somewhere in the value for SubjectAltName
that would be replaced at runtime.
That is even better
This change is acceptable for me. Tag me when you submit, I can help with the review.
from certificatedsc.
Awesome! Thanks @johlju - I'll get working on this over the next week or so. It'll shrink the number of DSC configs we're creating by a lot
from certificatedsc.
Related Issues (20)
- Test-TargetResource fails if server language is not English (Get-CertificateTemplateInformation) HOT 1
- PfxImport & CertificateImport: Add base64 content parameter for PFX and certificate import resources HOT 6
- Remove non-mandatory parameters from Get-TargetResource
- Update GitVersion.yml to use latest pattern
- INF file format is wrong HOT 1
- DSC_PfxImport:'Import-PfxCertificateEx' function handles private keys differently then 'Import-PfxCertificate' cmdlet HOT 3
- Tests failing: New-SelfSignedCertificateEx from Script Center is no longer available
- Update Sampler Build Tasks
- Enable Code Coverage Reporting
- PfxImport: Cannot find an overload for "Import" and the argument count: "2" HOT 1
- PfxImport: Keys prevent multiple imports to different locations HOT 1
- When using content option on PfxImport with certificate twice in pfx private key gets lost HOT 1
- Update Azure DevOps Pipeline Images
- Update CI Pipeline Files from Latest Pattern
- Convert to class-based resources
- Convert tests to Pester 5
- Add support to export Cert as Base64 with CredentialExport HOT 2
- CertReq resource cannot request multiple certificates with same subject name HOT 2
- DSC_CertReq failed to execute Set-TargetResource functionality with error message: Cannot add type. The type name 'Source.NativeMethods' already exists
- Move Find-Certificate Function from CertificateDsc.Common.psm1 to DscResource.Common HOT 19
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certificatedsc.