permitted;DNS.6=kubenode02.example.org
:wq
+# we need to make sure to include the CN(or a DNS constraint allowing certs for the CN) in the nameconstraints
# as this is a specialized use case we will use the following instead
# this CA is just a test case for providing local certs which we will then turn into SSH host certs along the way.
# my normal CA is too restricted and not really the perfect use case for this, so we will use a specialised setup
02:5f:44:2f:9a:00:c7:38:57:05
+
+
```
It's not the end yet :)