- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 105 for san (0.02 sec)
-
releasenotes/notes/26185.yaml
apiVersion: release-notes/v2 kind: feature area: security releaseNotes: - | **Added** support for client side Envoy secure naming config when trust domain alias is used. Fix the multi cluster service discovery client SAN generation: takes all endpoints' service accounts
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 25 16:11:21 UTC 2020 - 339 bytes - Viewed (0) -
security/pkg/server/ca/authenticate/cert_authenticator_test.go
caller: nil, authenticateErrMsg: "no verified chain is found", }, "Certificate has no SAN": { certChain: [][]*x509.Certificate{ { { Version: 1, }, }, }, authenticateErrMsg: "the SAN extension does not exist", }, "With client certificate": { certChain: [][]*x509.Certificate{ { {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jan 05 01:20:59 UTC 2024 - 3.2K bytes - Viewed (0) -
pkg/apis/certificates/v1beta1/defaults_test.go
exp: false, }, "does not default to kubelet-serving if it specifies a URI SAN": { req: newCSR(kubeletServerPEMOptions, pemOptions{uris: []string{"http://something"}}), usages: kubeletServerUsages, exp: false, }, "does not default to kubelet-serving if it specifies an emailAddress SAN": { req: newCSR(kubeletServerPEMOptions, pemOptions{emailAddresses: []string{"something"}}),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Dec 27 08:04:25 UTC 2022 - 16.9K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go
} func NewSANDeprecatedChecker(counter *metrics.Counter) *missingSANChecker { return &missingSANChecker{ counterRaiser: counterRaiser{ counter: counter, id: "missing-san", reason: "relies on a legacy Common Name field instead of the SAN extension for subject validation", }, } } // CheckRoundTripError returns true when we're running w/o GODEBUG=x509ignoreCN=0
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 26 17:14:05 UTC 2022 - 7.3K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/conversion_test.go
pod.Namespace = ns pod.Spec.ServiceAccountName = sa mesh := &meshconfig.MeshConfig{TrustDomain: "td.local"} san := SecureNamingSAN(pod, mesh) expectedSAN := fmt.Sprintf("spiffe://td.local/ns/%v/sa/%v", ns, sa) if san != expectedSAN { t.Fatalf("SAN match failed, SAN:%v expectedSAN:%v", san, expectedSAN) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 12.7K bytes - Viewed (0) -
samples/jwt-server/testdata/README.MD
# SAN Certificate Creation with OpenSSL ### Creating CA ``` openssl genrsa -out ca.key 2048 openssl req -new -x509 -days 3650 -key ca.key -subj "/C=US/ST=AZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt ``` ### Creating Server Certificate ``` openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=US/ST=AZ/O=Acme, Inc./CN=*.com" -out server.csr ``` ### Signing Certificate with CA ```
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 12 01:55:25 UTC 2022 - 566 bytes - Viewed (0) -
security/pkg/pki/ra/common.go
ExtCAK8s CaExternalType = "ISTIOD_RA_KUBERNETES_API" // DefaultExtCACertDir : Location of external CA certificate DefaultExtCACertDir string = "./etc/external-ca-cert" ) // ValidateCSR : Validate all SAN extensions in csrPEM match authenticated identities func ValidateCSR(csrPEM []byte, subjectIDs []string) bool { csr, err := util.ParsePemEncodedCSR(csrPEM) if err != nil { return false }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 11 19:57:30 UTC 2023 - 4.4K bytes - Viewed (0) -
security/pkg/pki/util/generate_cert_test.go
ttl := time.Hour cases := map[string]struct { certOptions CertOptions verifyFields *VerifyFields }{ // These certs are signed by the CA cert "RSA: Server cert with DNS SAN": { certOptions: CertOptions{ Host: "test_server.com", NotBefore: notBefore, TTL: ttl, SignerCert: rsaCaCert, SignerPriv: rsaCaPriv, Org: "",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 06 12:48:53 UTC 2023 - 29.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations_test.go
tests := []struct { name string serverCert []byte counterIncrease bool }{ { name: "no SAN", serverCert: serverCertNoSAN, counterIncrease: true, }, { name: "with SAN", serverCert: serverCert, }, } // register the test metrics x509MissingSANCounter := metrics.NewCounter(&metrics.CounterOpts{Name: "Test_checkForHostnameError"})
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 25.5K bytes - Viewed (0) -
pilot/pkg/model/test/testcert/generate.sh
# limitations under the License. openssl req -new -newkey rsa:4096 -x509 -sha256 \ -days 3650 -nodes -out cert.pem -keyout key.pem \ -subj "/C=US/ST=Denial/L=Ether/O=Dis/CN=localhost/SAN=localhost" \ -addext "subjectAltName = DNS:localhost" openssl req -new -newkey rsa:4096 -x509 -sha256 \ -days 3650 -nodes -out cert2.pem -keyout key2.pem \
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Aug 12 05:58:58 UTC 2020 - 1K bytes - Viewed (0)