Merge pull request #67727 from mjpytlak/ocpbugs-19368

mjpytlak · web-flow · commit 5da1297c483d · 2023-11-13T16:06:19.000-05:00
OCPBUGS#19368: Added guidance on internal CA
diff --git a/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
@@ -22,6 +22,8 @@ In {product-title} version {product-version}, you can install a cluster on your
 ** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
 * If your Nutanix environment is using the default self-signed SSL certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the  https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
 +
+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].
++
 [IMPORTANT]
 ====
 Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.
diff --git a/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc
@@ -17,6 +17,8 @@ In {product-title} {product-version}, you can install a cluster on Nutanix infra
 ** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
 * If your Nutanix environment is using the default self-signed SSL/TLS certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the  https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
 +
+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].
++
 [IMPORTANT]
 ====
 Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ In {product-title} version {product-version}, you can install a cluster on your`
`22`	`22`	`** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.`
`23`	`23`	`* If your Nutanix environment is using the default self-signed SSL certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].`
`24`	`24`	`+`
	`25`	`+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].`
	`26`	`++`
`25`	`27`	`[IMPORTANT]`
`26`	`28`	`====`
`27`	`29`	`Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ In {product-title} {product-version}, you can install a cluster on Nutanix infra`
`17`	`17`	`** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.`
`18`	`18`	`* If your Nutanix environment is using the default self-signed SSL/TLS certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].`
`19`	`19`	`+`
	`20`	`+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].`
	`21`	`++`
`20`	`22`	`[IMPORTANT]`
`21`	`23`	`====`
`22`	`24`	`Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.`