Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Use more clever certificate subject #617

Open
Assignees

Description

Well, currently all certificates get the subject CN=generated certificate for pod.
This imposes real security problems as shown in the code links below.

We should change that, so that one can actually use the subject for authorization. Things that come to my mind:

  1. OPA rules for Kafka using mTLS
  2. NiFi OPA rules and config
  3. @siegfriedweber mentioned the OpenSearch implementation also struggles with our current subject

Metadata

Metadata

Labels

No labels
No labels

Type

No type
No fields configured for issues without a type.

Projects

Status
Development: In Progress
Status
In Progress

Milestone

No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      AltStyle によって変換されたページ (->オリジナル) /