RN 4.10: Added warning about X.509 Subject Alternative Names #41821
Conversation
openshift-ci
bot
added
the
size/S
|
✔️ Deploy Preview for osdocs ready! 🔨 Explore the source changes: d6e9677 🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/620d1b09dafcd2000890baca 😎 Browse the preview: https://deploy-preview-41821--osdocs.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-10-release-notes |
ctauchen
added
branch/enterprise-4.10
peer-review-needed
| [id="ocp-4-10-TLS-subject-alternative-names-required"] | ||
| ==== TLS X.509 certificates must have Subject Alternative Names | ||
|
|
||
| X.509 certificates must have a properly set Subject Alternative Names field. |
There was a problem hiding this comment.
The field name should be bold?
https://redhat-documentation.github.io/supplementary-style-guide/#release-notes
There was a problem hiding this comment.
No, I don't think so. This isn't a GUI field name. It's more of a key-value pair in a text file. The name Subject Alternative Name is a common name for this, but the actual key is something like subjectAltName.
| ==== TLS X.509 certificates must have Subject Alternative Names | ||
|
|
||
| X.509 certificates must have a properly set Subject Alternative Names field. | ||
| If you update your cluster without this, you risk breaking your cluster, rendering it inaccessible, or worse. |
There was a problem hiding this comment.
What could be worse? Hard to imagine. :-)
There was a problem hiding this comment.
s/or worse/and the servers will all catch fire, data centers for each distributed cluster will go offline, and YOU WILL BREAK THE CLOUD
There was a problem hiding this comment.
I said it was HARD to imagine, not impossible :-)
There was a problem hiding this comment.
I'd drop the "or worse" from the release note. I get that this is an important warning, but "or worse" is pretty open-ended. Just my $.02 cents. :)
| X.509 certificates must have a properly set Subject Alternative Names field. | ||
| If you update your cluster without this, you risk breaking your cluster, rendering it inaccessible, or worse. | ||
|
|
||
| In older versions of {product-title}, X.509 certificates worked without the Subject Alternative Names, so long as the Common Name field was set. |
| In older versions of {product-title}, X.509 certificates worked without the Subject Alternative Names, so long as the Common Name field was set. | ||
| link:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-tls-common-name[This behavior was removed in {product-title} 4.6]. | ||
|
|
||
| In some cases, certificates without Subject Alternative Names continued to work in {product-title} 4.6, 4.7, 4.8, and 4.9. |
ctauchen
force-pushed
the
RN-4.10-SAN-required
branch
from
a7425c5 to
d9c842f
Compare
|
/lgtm |
|
LGTM! |
ctauchen
force-pushed
the
RN-4.10-SAN-required
branch
from
d9c842f to
d6e9677
Compare
|
New changes are detected. LGTM label has been removed. |
ctauchen
added
peer-review-done
4 participants
From RN tracker: #37586 (comment)
Preview: https://deploy-preview-41821--osdocs.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-10-release-notes.html#ocp-4-10-notable-technical-changes
@s-urbaniak Can you check this to make sure I've got it right? Thanks!
@sjstout Anything you'd like to see different?