
Commit c233e01

committed
Add missing EKU values to end certs
1 parent ea3d4d5 commit c233e01


5 files changed

+41
-0
lines changed


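--- a/cf-deployment.yml
+++ b/cf-deployment.yml
@@ -2047,6 +2047,8 @@ variables:
 common_name: blobstore.service.cf.internal
 alternative_names:
 - blobstore.service.cf.internal
+extended_key_usage:
+- server_auth
 - name: blobstore_public
 type: certificate
 update_mode: converge
@@ -2055,6 +2057,8 @@ variables:
 alternative_names:
 - "blobstore.((system_domain))"
 ca: service_cf_internal_ca
+extended_key_usage:
+- server_auth
 - name: diego_auctioneer_client
 type: certificate
 update_mode: converge
@@ -2257,6 +2261,8 @@ variables:
 - log-cache
 - log-cache.((system_domain))
 - "*.log-cache.((system_domain))"
+extended_key_usage:
+- server_auth
 - name: log_cache_proxy_tls
 type: certificate
 update_mode: converge
@@ -2265,6 +2271,9 @@ variables:
 common_name: localhost
 alternative_names:
 - localhost
+extended_key_usage:
+- client_auth
+- server_auth
 - name: syslog_agent_log_cache_tls
 type: certificate
 update_mode: converge
@@ -2298,6 +2307,8 @@ variables:
 alternative_names:
 - "((system_domain))"
 - "*.((system_domain))"
+extended_key_usage:
+- server_auth
 - name: routing_api_ca
 type: certificate
 options:
@@ -2335,6 +2346,8 @@ variables:
 common_name: uaa.service.cf.internal
 alternative_names:
 - uaa.service.cf.internal
+extended_key_usage:
+- server_auth
 - name: uaa_login_saml
 type: certificate
 update_mode: converge
@@ -2370,6 +2383,8 @@ variables:
 alternative_names:
 - "api.((system_domain))"
 - cloud-controller-ng.service.cf.internal
+extended_key_usage:
+- server_auth
 - name: cc_bridge_tps
 type: certificate
 update_mode: converge
@@ -2459,6 +2474,8 @@ variables:
 common_name: gorouter_lb_health_tls
 alternative_names:
 - gorouter.service.cf.internal
+extended_key_usage:
+- server_auth
 - name: tcp_router_backend_tls
 type: certificate
 options:
@@ -2475,6 +2492,8 @@ variables:
 common_name: tcp_router_lb_health_tls
 alternative_names:
 - tcp-router.service.cf.internal
+extended_key_usage:
+- server_auth
 - name: credhub_ca
 type: certificate
 options:
@@ -2488,6 +2507,8 @@ variables:
 alternative_names:
 - credhub.service.cf.internal
 - credhub.((system_domain))
+extended_key_usage:
+- server_auth
 - name: ssh_proxy_backends_tls
 type: certificate
 options:
@@ -2526,6 +2547,8 @@ variables:
 common_name: sql-db.service.cf.internal
 alternative_names:
 - sql-db.service.cf.internal
+extended_key_usage:
+- server_auth
 
 - name: loggregator_rlp_gateway_tls
 type: certificate
@@ -2536,6 +2559,8 @@ variables:
 alternative_names:
 - log-stream.((system_domain))
 - log-api.service.cf.internal
+extended_key_usage:
+- server_auth
 
 - name: loggregator_trafficcontroller_tls
 type: certificate
@@ -2546,6 +2571,8 @@ variables:
 alternative_names:
 - doppler.((system_domain))
 - log-api.service.cf.internal
+extended_key_usage:
+- server_auth
 
 - name: metric_scraper_ca
 type: certificate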
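Review bot: The certificate with `common_name: localhost` (new lines 2274–2276) is the only one in this file that receives both `client_auth` and `server_auth`, and nothing in the hunk records why it must act in both roles. From the preceding context it appears to be `log_cache_proxy_tls`, but the variable's `name` line lies outside the hunk, so that is an inference. A dual-purpose EKU lets the same key pair authenticate in either direction, so if only one role is really used the list should be narrowed to it. If both are required, a short comment above the list would help, e.g. `# presented as server cert and as client cert by the same job; both EKUs required`.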

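--- a/operations/test/add-oidc-provider.yml
+++ b/operations/test/add-oidc-provider.yml
@@ -203,3 +203,5 @@
 common_name: uaa-oidc.service.cf.internal
 alternative_names:
 - uaa-oidc.service.cf.internal
+extnended_key_usage:
+- server_auth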
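Review bot: The key added at new line 206 is spelled `extnended_key_usage:`, so the `uaa-oidc.service.cf.internal` certificate will most likely be issued without the intended EKU, or the option will be rejected, depending on how the credential generator treats unknown keys. It should read `extended_key_usage:`, matching every other file in this commit. Because this is a test ops-file, the mistake can go unnoticed until a peer starts enforcing EKU, so it is worth checking the generated certificate for the extension after the fix. The variable definition begins above the hunk.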

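--- a/operations/test/enable-nfs-test-ldapserver.yml
+++ b/operations/test/enable-nfs-test-ldapserver.yml
@@ -46,3 +46,5 @@
 common_name: nfstestldapserver.service.cf.internal
 alternative_names:
 - nfstestldapserver.service.cf.internal
+extended_key_usage:
+- server_auth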

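--- a/operations/use-haproxy.yml
+++ b/operations/use-haproxy.yml
@@ -52,4 +52,6 @@
 - '*.((system_domain))'
 ca: haproxy_ca
 common_name: haproxySSL
+extended_key_usage:
+- server_auth
 type: certificate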

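--- a/operations/use-metric-store.yml
+++ b/operations/use-metric-store.yml
@@ -227,6 +227,8 @@
 - '*.metric-store.((system_domain))'
 ca: service_cf_internal_ca
 common_name: metric-store
+extended_key_usage:
+- server_auth
 type: certificate
 - type: replace
 path: /variables/name=metric_store_internode?
@@ -250,6 +252,8 @@
 - localhost
 ca: metric_store_ca
 common_name: localhost
+extended_key_usage:
+- server_auth
 type: certificate
 update_mode: converge
 - type: replace
@@ -261,6 +265,8 @@
 - metric-store
 ca: metric_scraper_ca
 common_name: metric-store
+extended_key_usage:
+- server_auth
 type: certificate
 update_mode: converge
 - type: replace
@@ -272,5 +278,7 @@
 - metric-store-client
 ca: metric_scraper_ca
 common_name: metric-store-client
+extended_key_usage:
+- client_auth
 type: certificate
 update_mode: converge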
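Review bot: The `common_name: localhost` certificate signed by `metric_store_ca` (new lines 255–256) gets `server_auth` only, whereas the localhost certificate in cf-deployment.yml gets both `client_auth` and `server_auth`. Its variable name is outside the hunk; it may be the `metric_store_internode` entry whose path appears at new line 234, but that is an inference. If nodes also present this certificate as a client certificate to each other, peers that enforce EKU would reject the handshake. Please confirm how it is used, then either extend the list to `- client_auth` and `- server_auth` or add a comment such as `# server-only: never presented as a client certificate`.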
