This message was deleted.
# longhorn-storagea
adamant-kite-43734
05/21/2024, 3:21 PMThis message was deleted.
p
powerful-librarian-10572
05/21/2024, 3:26 PMpowerful-librarian-10572
05/21/2024, 3:26 PMf
fast-plumber-26155
05/21/2024, 3:28 PMThanks. But it looks like the answer is No to my second question
p
powerful-librarian-10572
05/21/2024, 3:29 PMYes but it doesnt seems required
If you want to use a self-signed SSL certificate, you can specify AWS_CERT in the Kubernetes secret you provided to Longhorn. See the example in Set up a Local Testing Backupstore. It’s important to note that the certificate needs to be in PEM format, and must be its own CA. Or one must include a certificate chain that contains the CA certificate. To include multiple certificates, one can just concatenate the different certificates (PEM files).
f
fast-plumber-26155
05/21/2024, 3:33 PMUnless hostname checking is skipped when you provide a cert (haven't tried yet), then it's required for me. Unfortunately.
p
powerful-librarian-10572
05/21/2024, 3:34 PMCan't you hack around a reverse proxy to present that cert?
f
fast-plumber-26155
05/21/2024, 3:35 PMAs said, I'm talking to an S3-server that has a self-signed cert. But not only a self-signed cert.... It's a cert that contains no valid DNS-names or IP-sans. So the cert is basically invalid, from an x509 standpoint. .... Yeah, I could setup a proxy... Maybe.. Question is whether that's faster than getting the right team in my corp to actually present a sane cert on the s3 gateway 😄 will try both, see what comes first... thanks again
p
powerful-librarian-10572
05/21/2024, 3:36 PMGood luck mate 🫡
🙌 1
5 Views