Update TLS common name requirements

[#122648961]
cloudfoundry-attic · Jun 27, 2016 · c199f9e · c199f9e
1 parent 0347bc0
commit c199f9e
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -100,11 +100,17 @@ using certstrap. This repository contains a helper script, `scripts/generate-cer
 This script uses certstrap to initialize a certificate authority (CA), and
 generate the certificates and keys for Consul.
 
+2.  All servers must have a certificate valid for `server.<datacenter>.<domain>` or 
+the client will reject the handshake.
+For a default consul configuration, this means that a server certificate with the common name `server.dc1.cf.internal` will need to be created.
+Further documentation concerning TLS encryption may be found on the official consul [documentation](https://www.consul.io/docs/agent/encryption.html).
+
 If you already have a CA, you may have an existing workflow. You can modify
 the `generate-certs` script to use your existing CA instead of generating a new one.
 
 The `generate-certs` script outputs files to the `./consul-certs` directory.
 
+
 2. Create Gossip Encryption Keys:
 To create an encryption key for use in the serf gossip protocol, provide an
 arbitrary string value. The consul agent job template transforms this string