Certs don't include trust chain, breaking intermediate CA
Bug #1891556 reported by
Cory Johns
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Etcd Charm |
Fix Released
|
Medium
|
Unassigned | ||
| Kubernetes Control Plane Charm |
Fix Released
|
Medium
|
Unassigned | ||
| Kubernetes Worker Charm |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Originally reported here: https:/
When certs are written using the tls-client layer, the chain isn't included. This works fine if the cert is signed directly by a trusted CA, but if an intermediate CA is used (e.g., Vault), then the trust chain is required to validate the cert.
PR: https:/
| Changed in charm-kubernetes-master: | |
| status: | New → Fix Committed |
| Changed in charm-kubernetes-worker: | |
| status: | New → Fix Committed |
| Changed in charm-kubernetes-master: | |
| milestone: | none → 1.19 |
| Changed in charm-kubernetes-worker: | |
| milestone: | none → 1.19 |
| Changed in charm-kubernetes-master: | |
| importance: | Undecided → Medium |
| Changed in charm-kubernetes-worker: | |
| importance: | Undecided → Medium |
| Changed in charm-etcd: | |
| status: | Fix Committed → Fix Released |
| Changed in charm-kubernetes-master: | |
| status: | Fix Committed → Fix Released |
| Changed in charm-kubernetes-worker: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
