Giter VIP home page Giter VIP logo

Comments (5)

bozho avatar bozho commented on June 2, 2024 1

I'd suggest adding CommonName parameter instead of FriendlyName. In some cases (e.g. Let's Encrypt), we may not control/know exact certificate's friendly name.

Alternatively, have the resource allow matching the friendly name against a pattern.

In case of multiple certificate matches (with either solution), use the certificate with the latest expiration date.

from sqlserverdsc.

johlju avatar johlju commented on June 2, 2024

Suggest adding a new parameter FriendlyName and use the command Assert-BoundParameter so the resource throws and exception if both parameters are provided in the configuration. Thumbprint should no longer be required. But one of Thumbprint or FriendlyName should be passed otherwise the resource should also throw an exception. Assert-BoundParameter can be used for that verification too. Though, saw that there were a bug in the docs, says the wrong command name for that parameter set. Fixed.

from sqlserverdsc.

claudiospizzi avatar claudiospizzi commented on June 2, 2024

What about adding the FriendlyName as @johlju suggested but also the CommonName as @bozho mentioned. But for this the Assert-BoundParameter can't validate mutual exclusion of 3 parameters, right?

from sqlserverdsc.

johlju avatar johlju commented on June 2, 2024

We should use only common name as @bozho suggests.

from sqlserverdsc.

russellhart avatar russellhart commented on June 2, 2024

This will also solve the issue of certificate auto-rotation. Instead of hard pinning the thumbprint the next installed certificate can be used as soon as it's available.
As mentioned choose the latest ValidTo, if ValidFrom and ValidTo are current.

from sqlserverdsc.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.