Folks - just applied Amogh’s patch to 4.3-forward, and back ported that to master.
Two steps left on the code side: * Need to get this retirement into the 4.3 docs * Need to backport this to 4.2 John On Feb 28, 2014, at 12:27 PM, John Kinsella <j...@stratosec.co<mailto:j...@stratosec.co>> wrote: Folks: Recently the PMC was informed that the realhostip.com<http://realhostip.com> DNS service that ACS currently uses by default as part of the console proxy will be disbanded this summer. We’ve been informed the realhostip service will be shut down June 30th, 2014, so we have approximately 4 months to mitigate this. Here’s my thoughts on how to proceed, in order of priority: * Make the transition as smooth as possible for current ACS users. Need to create clear documentation in the wiki that we can point to on how to migrate an existing ACS installation from using realhostip.com<http://realhostip.com> to a user’s own certificate and resolver. I see section 16.4.2 in the 4.2 admin guide talks about this, but I think we can improve a bit. e.g. the current docs don’t make it clear that a wildcard cert is required. Once we have a transition guide in place, I intend to announce to users@ and announce@ along with the social media paths. This isn’t private, but I’d rather not announce until we have a clear, tested easy to follow transition guide to make this as painless as possible for folks. I’m working on this and will update after testing. * If at all possible, I’d really like to get something big and visible into the 4.3 documentation warning users about this. * For 4.4, we should no longer be using SSL/realhostip for console proxy. We’re expecting some patches to address this, I’ll update this thread once they hit and/or a Jira issue is created. Open to any thoughts/suggestions. John Stratosec<http://stratosec.co/> - Compliance as a Service o: 415.315.9385 @johnlkinsella<http://twitter.com/johnlkinsella>
