When passing a certificate on deployment, credhub still uses a self-generated cert

Open Turbots opened this issue 6 years ago • 3 comments

I have a control-tower deployment running on GCP.

Concourse got deployed to https://concourse.devops.hubau.cloud correctly, with the valid Let's Encrypt certificate that I passed.

Grafana uses the same certificate at https://concourse.devops.hubau.cloud:3000.

Credhub uses a self-generated certificate, which fails my pipelines: https://concourse.devops.hubau.cloud:8844

Turbots avatar Jun 27 '19 06:06 Turbots

Thanks for raising this @Turbots. I think that may be by design, as we assumed that the CredHub would mostly be used by internal components. The design should change, really. We can take a look at changing this, but everyone is out on billable work at the moment so we don't have much time to look at it. PRs are welcome.

DanielJonesEB avatar Jun 27 '19 16:06 DanielJonesEB

I would love to contribute, but unfortunately I'm not well versed in Go. AFAIK it would be a matter of adding the certificate to the Credhub's Java Keystore, as described here in step 4: https://docs.cloudfoundry.org/credhub/setup-credhub-bosh.html#-configuring-the-director

Turbots avatar Jun 27 '19 17:06 Turbots

Hello, I think this is a great feature for the system as well. Please consider adding support for this in the future. Thanks!

hiepunity3d avatar Dec 28 '20 19:12 hiepunity3d