Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config option tls-ca is always required, even when tls-cert is signed by a trusted 3rd party CA #341

Open
przemeklal opened this issue Apr 26, 2024 · 0 comments
Open

Config option tls-ca is always required, even when tls-cert is signed by a trusted 3rd party CA #341

przemeklal opened this issue Apr 26, 2024 · 0 comments
Labels
Status: Triage Type: Bug

Comments

@przemeklal
Copy link
Member

Bug Description

I tried setting tls-cert and tls-key only as the cert is signed by a well-trusted 3rd party CA. I ended up with Traefik in the blocked state Please set tls-cert, tls-key, and tls-ca.

I don't think it makes sense to block the charm because of the missing CA cert option when it might be signed by a trusted 3rd party authority and there's no need to provide that CA separately.

For what it's worth, the described desired behaviour is how it works in e.g. openstack charms - their equivalent of the tls-ca config option (ssl_ca) is totally optional.

To Reproduce

Deploy traefik, set only to tls-cert and tls-key, and leave tls-ca empty.

Environment

Traefik charm rev 180

Relevant log output

n/a

Additional context

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Triage Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@przemeklal