From: stephan48 <stephan48@web>
Date: Sat, 1 Apr 2023 20:17:48 +0000 (+0200)
Subject: (no commit message)
X-Git-Url: https://blog.stejau.de/gitweb/gitweb.cgi?a=commitdiff_plain;h=a97d7f38fd2cc349de0e9aef450a58bffa2253dd;p=stejau-blog.git

---

diff --git a/posts/2023-03-27-k8s-cluster-step-ca-from-scratch.mdwn b/posts/2023-03-27-k8s-cluster-step-ca-from-scratch.mdwn
index a80ad4c..d475f10 100644
--- a/posts/2023-03-27-k8s-cluster-step-ca-from-scratch.mdwn
+++ b/posts/2023-03-27-k8s-cluster-step-ca-from-scratch.mdwn
@@ -113,6 +113,7 @@ permitted;DNS.5=kubenode01.example.org
 permitted;DNS.6=kubenode02.example.org
 :wq
 
+# we need to make sure to include the CN(or a DNS constraint allowing certs for the CN) in the nameconstraints
 # as this is a specialized usecase we will use the following instead
 # this ca is just a testcase for providing local certs which we will then turn into ssh host certs along the way.
 # my normal ca is too restricted and not really the perfect usecase for this, so we will use a specialised setup
@@ -274,6 +275,8 @@ Certificate:
         02:5f:44:2f:9a:00:c7:38:57:05
 
 
+
+
 ```
 
 its not the end yet :)