Skip to content

Support BackendTLSPolicy SubjectAltNames #3152

New issue
New issue
Closed as not planned
Closed as not planned
Support BackendTLSPolicy SubjectAltNames#3152
Labels
area/gateway/extendedRelates to all extended features of Gatewayarea/securityFor security best practicesbacklogCurrently unprioritized work. May change with user feedback or as the product progresses.enhancementNew feature or requestrefinedRequirements are refined and the issue is ready to be implemented.size/mediumEstimated to be completed within a week
@sjberman

Description

@sjberman
sjberman
opened on Feb 20, 2025

As an NGF user,
I want to specify Subject Alternative (SAN) names for my backends,
So that I can allow multiple alternative names to be present in the backend certificate.

Note: this may not actually be possible with nginx to support a list of SANs. See kubernetes-sigs/gateway-api#3591 which is changing this field to extended for this reason.

We still may want to investigate.

Acceptance

  • Support the SubjectAltNames field in the BackendTLSPolicy

(Note: We may be able to only support a single subjectAltName, and this may be ok)
Note:

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/gateway/extendedRelates to all extended features of Gatewayarea/securityFor security best practicesbacklogCurrently unprioritized work. May change with user feedback or as the product progresses.enhancementNew feature or requestrefinedRequirements are refined and the issue is ready to be implemented.size/mediumEstimated to be completed within a week

    Type

    No type

    Projects

    NGINX Gateway Fabric

    Status

    ✅ Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions