Commit 70c7ec72 authored by Evan Read's avatar Evan Read

Merge branch 'pokstad1-gitaly-tls-common-name' into 'master'

Remove common name from Gitaly TLS support

See merge request gitlab-org/gitlab!43448
parents 9a28c42c cc70230e
...@@ -545,11 +545,7 @@ Additionally, the certificate (or its certificate authority) must be installed o ...@@ -545,11 +545,7 @@ Additionally, the certificate (or its certificate authority) must be installed o
Note the following: Note the following:
- The certificate must specify the address you use to access the Gitaly server. If you are: - The certificate must specify the address you use to access the Gitaly server. You must add the hostname or IP address as a Subject Alternative Name to the certificate.
- Addressing the Gitaly server by a hostname, you can either use the Common Name field for this,
or add it as a Subject Alternative Name.
- Addressing the Gitaly server by its IP address, you must add it as a Subject Alternative Name to
the certificate. [gRPC does not support using an IP address as Common Name in a certificate](https://github.com/grpc/grpc/issues/2691).
- You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an - You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an
encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually
transition from unencrypted to encrypted traffic if necessary. transition from unencrypted to encrypted traffic if necessary.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment