Title: Improvement: Enable secure SSL certificate and hostname verification for internal traffic · Issue #11699 · apache/cloudstack · GitHub
Open Graph Title: Improvement: Enable secure SSL certificate and hostname verification for internal traffic · Issue #11699 · apache/cloudstack
X Title: Improvement: Enable secure SSL certificate and hostname verification for internal traffic · Issue #11699 · apache/cloudstack
Description: The required feature described as a wish For internal traffic, it is common practice that HTTPS/TLS is used, but: the TLS certificates are often self-signed, or issued by an internal CA (not a public one like Let’s Encrypt). Sometimes se...
Open Graph Description: The required feature described as a wish For internal traffic, it is common practice that HTTPS/TLS is used, but: the TLS certificates are often self-signed, or issued by an internal CA (not a publ...
X Description: The required feature described as a wish For internal traffic, it is common practice that HTTPS/TLS is used, but: the TLS certificates are often self-signed, or issued by an internal CA (not a publ...
Opengraph URL: https://github.com/apache/cloudstack/issues/11699
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Improvement: Enable secure SSL certificate and hostname verification for internal traffic","articleBody":"### The required feature described as a wish\n\nFor internal traffic, it is common practice that HTTPS/TLS is used, but:\n- the TLS certificates are often self-signed, or issued by an internal CA (not a public one like Let’s Encrypt).\n- Sometimes services just use the server’s IP address instead of a DNS name.\n\nDisabling SSL certificate and hostname verification increases compatibility, allowing CloudStack to interoperate with a wide range of hypervisors, networking equipment, and storage devices. This behavior is intentional by design, to ensure broader support across diverse environments. For example,\n- Connect to Vmware vCenter\n- Connect to Xenserver\n- Connect to some external storage or network devices\n\nWe could provide more flexibility and also stronger security, including but not limited to\n\n- Allow users to bring their own SSL certificates\n- Support host name (DNS) instead of host ip in SSL communication\n- Add an option for enforce SSL certificate verification\n- Add an option for enforce hostname verification\n","author":{"url":"https://github.com/weizhouapache","@type":"Person","name":"weizhouapache"},"datePublished":"2025-09-23T12:01:49.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/11699/cloudstack/issues/11699"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:00963488-204a-7807-f130-96248e3ad831 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | C354:1EC1:347EEE:4A02BA:6A4E36EE |
| html-safe-nonce | 7847220fc992b669b37a535252da3314a4f8493c8b2bc4c9f56689fa54ccaaf0 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDMzU0OjFFQzE6MzQ3RUVFOjRBMDJCQTo2QTRFMzZFRSIsInZpc2l0b3JfaWQiOiI1NTgxMzU0Mzc0MjQyNjQ1NzQyIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 27af6031e0deb4cb92c32ae3f7b8800c3732e62afc23420641532fba4d0ae0e2 |
| hovercard-subject-tag | issue:3445000190 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/apache/cloudstack/11699/issue_layout |
| twitter:image | https://opengraph.githubassets.com/a5bec1b75d652a2e3f042801e0af6d62d6434445ff80dd0d992121c6088cf4b2/apache/cloudstack/issues/11699 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/a5bec1b75d652a2e3f042801e0af6d62d6434445ff80dd0d992121c6088cf4b2/apache/cloudstack/issues/11699 |
| og:image:alt | The required feature described as a wish For internal traffic, it is common practice that HTTPS/TLS is used, but: the TLS certificates are often self-signed, or issued by an internal CA (not a publ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | weizhouapache |
| hostname | github.com |
| expected-hostname | github.com |
| None | 030096ee0db095447bfe77409d33bfac127ca7128299c58deef27c52eaa1b1f0 |
| turbo-cache-control | no-preview |
| go-import | github.com/apache/cloudstack git https://github.com/apache/cloudstack.git |
| octolytics-dimension-user_id | 47359 |
| octolytics-dimension-user_login | apache |
| octolytics-dimension-repository_id | 9759448 |
| octolytics-dimension-repository_nwo | apache/cloudstack |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 9759448 |
| octolytics-dimension-repository_network_root_nwo | apache/cloudstack |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 42a6d378d7587a44c93aca255096cd66b7c8eb2d |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width