Checking Against the CN Of Every Certificate In The Certificate Chain
Is it possible to check against the CN (Common Name) or SAN (Subject Alternative Names) of each and every certificate in the certificate chain for a match ? I have 2 docker containers hosted on my VM, one of the containers (Logstash) connects to the other (ElasticSearch DB) and SSL is enabled for ElasticSearch DB.
Logstash writes its output to ElasticSearch but references it via the docker container name but the certificates being used for SSL contain the hostname of the VM.
I wanted to chain a self signed certificate bearing the container name to the certificate belonging to the host, this way I'm hoping that ad-logstash doesn't fail as it checks the CN of the self signed certificate and all external entities check the CN or SAN further up the certificate chain.
Is something like this possible ?
