Hello,
I was wondering what is the function of the OIDs in the SAN field for certificates, could you perhaps briefly explain?
`Does it always have to be 1.2.3.4.5.5? Does it have to be the same for every node in the cluster?
Best regards,
Akos Hencz
`
Certificates with that OID (as SAN) indicates that the node with this certificate is a “real” cluster node, not only a node-client or transport-client.
So other nodes can know if this node is allowed to request shard replication for example.
Currently is has to be 1.2.3.4.5.5 and is has to be the same for every node in the cluster.
Am Mittwoch, 6. April 2016 16:34:21 UTC+2 schrieb Akos Hencz:
Hello,
I was wondering what is the function of the OIDs in the SAN field for certificates, could you perhaps briefly explain?
`Does it always have to be 1.2.3.4.5.5? Does it have to be the same for every node in the cluster?Best regards,
Akos Hencz
`
Thank you for the explanation.
Will the OID be configurable later? Because right now it’s an open secret, so if someone can get a certificate signed by the trusted CA, they can also get it with this specific OID.
On Friday, April 8, 2016 at 9:26:14 PM UTC+2, in...@search-guard.com wrote:
Certificates with that OID (as SAN) indicates that the node with this certificate is a “real” cluster node, not only a node-client or transport-client.
So other nodes can know if this node is allowed to request shard replication for example.
Currently is has to be 1.2.3.4.5.5 and is has to be the same for every node in the cluster.
Am Mittwoch, 6. April 2016 16:34:21 UTC+2 schrieb Akos Hencz:
Hello,
I was wondering what is the function of the OIDs in the SAN field for certificates, could you perhaps briefly explain?
`Does it always have to be 1.2.3.4.5.5? Does it have to be the same for every node in the cluster?Best regards,
Akos Hencz
`