Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
7.2.2
-
0
Description
I want ns_server to trust OS trusted CAs
So that I can skip uploding CA for LDAP and SSO connections
Context: At the moment for SSO connection setup one needs to provide the https metadata endpoint. This endpoint is public and usually signed by a trusted public CA.
When I configure this in 7.6 the metadata can not be downloaded as Erlang does not trust the public CA. The workaround is to manually download the CA cert of the metadata endpoint and specifically trust it. While this is a acceptable workaround, this will cause CBSE later on as the expectation is that metadata endpoints should just work. As the new Erlang release contain this function, we could easily solve this and reduce potential support issues.