RFE: admin override for domain-certificate match enforcement

Greetings team,

I’d like to submit an RFE in order to be able to override the default console-UI behavior that requires that when using custom certificates for HTTP LB, at least one certificate must contain a CN attribute matching the configured Domain(s) on the LB in order for the config to be deployable.

(configure a cert that doesn’t have a wildcard or explicit CN match for www2.foo.com). Cannot deploy:

Failed transaction handling http_loadbalancer: STM Error, PreDBUndo Error: %!s(<nil>): Applying transaction function: rpc error: code = InvalidArgument desc = No certificate found matching domain www2.foo.com

The justification for this is ease of testing for support teams, such as setting up repro environments without having to handle customer keys, to avoid conflicts when configuring a clone/test environment, and so on. It can be an admin-only setting or something like that.

Any questions, let me know.

  • Dylan Syme
  • Sep 5 2023