When uploading cert/key pairs to wicket in preparation for running RSS, we do some basic validation that the key matches the cert, but do not validate:
- that the cert is valid for the DNS name we expect to have
- that the cert is the right kind of cert (which might be covered by the previous check?)
Validation functions to support these should be added to CertificateValidator, and wicket should use them once added.
When uploading cert/key pairs to wicket in preparation for running RSS, we do some basic validation that the key matches the cert, but do not validate:
Validation functions to support these should be added to
CertificateValidator, and wicket should use them once added.