Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs shouldn't encourage the use of deprecated CN field in X.509 certificates #13745

Closed
lizrice opened this issue Dec 11, 2020 · 4 comments · Fixed by #13810
Closed

Docs shouldn't encourage the use of deprecated CN field in X.509 certificates #13745

lizrice opened this issue Dec 11, 2020 · 4 comments · Fixed by #13810
Assignees
@ninjadq
Labels
doc-impact Engineering issues that will require a change in user docs kind/break-change kind/note target/2.2.0
Milestone
Sprint 105

Comments

@lizrice
Copy link

lizrice commented Dec 11, 2020

The instructions for configuring internal TLS in Harbor talk about using the Common Name (CN) field in certificates. CN has been deprecated in favour of Subject Alternative Name fields for a long time (and generally browsers no longer support it, for example Chrome dropped support for CN in 2013).

Golang retired support for CN in 1.15 so it would be a good idea for internal Harbor certificates not to rely on it, and the documents should indicate configuring the SAN rather than the CN for these certificates.
@wy65701436
Copy link
Contributor

wy65701436 commented Dec 14, 2020
edited
Loading

hi @ninjadq we should consider this in v2.2, and it could impact the internal TLS after we're upgraded to go v1.15

@ninjadq ninjadq linked a pull request Dec 18, 2020 that will close this issue
Add San for internal tls #13810
Merged
@lizrice
Copy link
Author

lizrice commented Dec 21, 2020

@wy65701436 #13810 will help with the actual certificates being used, but I think this page of Harbor docs also need to be updated to encourage people to use SAN instead of CN?

@ninjadq ninjadq added the doc-impact Engineering issues that will require a change in user docs label Dec 26, 2020
@ninjadq
Copy link
Member

ninjadq commented Dec 26, 2020

reopen as per doc impact

@ninjadq ninjadq reopened this Dec 26, 2020
ninjadq added a commit to ninjadq/website that referenced this issue Feb 1, 2021
@ninjadq
Update document for internal tls
f6fad15 
As per issue goharbor/harbor#13745

Signed-off-by: DQ <[email protected]>
@ninjadq ninjadq mentioned this issue Feb 1, 2021
Merged
ninjadq added a commit to ninjadq/website that referenced this issue Feb 1, 2021
@ninjadq
Update document for internal tls
0f27b30 
As per issue goharbor/harbor#13745

Signed-off-by: DQ <[email protected]>
ninjadq added a commit to ninjadq/website that referenced this issue Feb 1, 2021
@ninjadq
Update document for internal tls
38c0210 
As per issue goharbor/harbor#13745

Signed-off-by: DQ <[email protected]>
ninjadq added a commit to ninjadq/website that referenced this issue Feb 2, 2021
@ninjadq
Update document for internal tls
460b506 
As per issue goharbor/harbor#13745

Signed-off-by: DQ <[email protected]>
@ninjadq
Copy link
Member

ninjadq commented Feb 3, 2021

Doc updates are included in goharbor/website#172

@ninjadq ninjadq closed this as completed Feb 4, 2021
@yanji09 yanji09 added this to the Sprint 105 milestone Feb 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ninjadq ninjadq

Labels
doc-impact Engineering issues that will require a change in user docs kind/break-change kind/note target/2.2.0
Projects
None yet
Milestone
Sprint 105
Development

Successfully merging a pull request may close this issue.

Add San for internal tls ninjadq/harbor
4 participants
@lizrice @ninjadq @wy65701436 @yanji09