containerlab icon indicating copy to clipboard operation
containerlab copied to clipboard

Published 20 hours ago verified publisher icon srl-labs

delay certificates creation

Open karimra opened this issue 3 years ago • 1 comments

Right now, we generate certificates before the containers deployments, This means the mgmt IP addresses, cannot be part of the cert SAN.

What about delaying the certificates generation till after the deployment and use SRL's json-rpc to set the certificates and enable the gnmi-server ? This also solves the issue of overwriting certificates on disk even if they are present in config.

For other nodes, we can check how certificates can be set other than at boot

karimra avatar Nov 18 '20 15:11 karimra

since now we provision additional config for srlinux after the node has been started, it is possible to get its IP address and create the certs for IP as well

hellt avatar Sep 14 '21 10:09 hellt

Since #1273 is merged we can now delay the cert creation until post-deploy and include the Mgmt-IP in the SANs.

steiler avatar Mar 29 '23 10:03 steiler

done in #1345

hellt avatar Apr 28 '23 11:04 hellt