ng-monitoring After enabling TLS communication in ngmonitor, it does not support verifying the Common Name (CN) in the certificate presented by clients.

After enabling TLS communication in ngmonitor, it does not support verifying the Common Name (CN) in the certificate presented by clients.

Open pepezzzz opened this issue 7 months ago • 1 comments

After enabling TLS communication in ngmonitor,The startup configuration file of ngmonitor already has the following certificate configuration. [security] ca-path = "" cert-path = "" key-path = ""

ng-monitoring should provide a capability similar to the configuration of the cert-allowed-cn parameter described at https://docs.pingcap.com/tidb/stable/tikv-configuration-file/#cert-allowed-cn. A list of acceptable X.509 Common Names in certificates presented by clients. Requests are permitted only when the presented Common Name is an exact match with one of the entries in the list.

Mar 11 '25 13:03 pepezzzz

ng-monitoring ng-monitoring copied to clipboard

After enabling TLS communication in ngmonitor, it does not support verifying the Common Name (CN) in the certificate presented by clients.

ng-monitoring
ng-monitoring copied to clipboard