[New Feature] xCertReq: SubjectAltName to automatically contain ComputerName and/or FQDN about certificatedsc HOT 4 OPEN

If that is an optional parameter I see no problem having that functionality. It would be a great addition.

I guess one scenario would be when you want to try to monitor each back-end from the load balancer. Or just manually test if each node work, and don't want to get certificate error.

Wildcard certificates are only good (security-wise) if you can make a sub dns zone. Would not want a wildcard certificate on the top level dns zone. 😄

from certificatedsc.

@johlju - for sure - totally agree with you 100%. I think at the moment the SubjectAltName is already an optional parameter. So it wouldn't affect any existing usage scenarios.

So, basically if you're already using the resource then this won't be a breaking change and people can still go ahead and create wildcard certs, it's just our security team prefer that we don't 😁

Does that make sense?

from certificatedsc.

Ah, now I see, I miss read you suggestion above. I thought you wanted add a new boolean parameter that would trigger this functionality. But I see now that you meant that if the user adds the "tag" {ComputerName} and/or {FQDN} somewhere in the value for SubjectAltNamethat would be replaced at runtime.
That is even better 😄 As you say, this would not change any existing usage scenarios at all.

This change is acceptable for me. Tag me when you submit, I can help with the review. 😄

from certificatedsc.

Awesome! Thanks @johlju - I'll get working on this over the next week or so. It'll shrink the number of DSC configs we're creating by a lot 😁

from certificatedsc.