Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-59192

create an option to trust system provided CA chains

    XMLWordPrintable

Details

    • 0

    Description

      I want ns_server to trust OS trusted CAs
      So that I can skip uploding CA for LDAP and SSO connections

       

      see https://www.erlang.org/blog/my-otp-25-highlights/#ca-certificates-can-be-fetched-from-the-os-standard-place

       

      Context: At the moment for SSO connection setup one needs to provide the https metadata endpoint. This endpoint is public and usually signed by a trusted public CA. 
      When I configure this in 7.6 the metadata can not be downloaded as Erlang does not trust the public CA. The workaround is to manually download the CA cert of the metadata endpoint and specifically trust it. While this is a acceptable workaround, this will cause CBSE later on as the expectation is that metadata endpoints should just work. As the new Erlang release contain this function, we could easily solve this and reduce potential support issues. 

       

      PRD https://issues.couchbase.com/browse/MB-59192

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            Abhijeeth.Nuthan Abhijeeth Nuthan
            istvan.orban Istvan Orban
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty