Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a delegated joining method for OCI #41705

Open
rosstimothy opened this issue May 17, 2024 · 1 comment
Open

Provide a delegated joining method for OCI #41705

rosstimothy opened this issue May 17, 2024 · 1 comment
Labels
feature-request Used for new features in Teleport, improvements to current should be #enhancements

Comments

@rosstimothy
Copy link
Contributor

rosstimothy commented May 17, 2024
edited

Similar to other cloud providers, provide a way to join instances in OCI via delegated joining.

https://goteleport.com/docs/reference/join-methods/#delegated-join-methods
@rosstimothy rosstimothy added the feature-request Used for new features in Teleport, improvements to current should be #enhancements label May 17, 2024
@strideynet
Copy link
Contributor

Some research

[opc@instance-20240516-1758 ~]$ curl -s http://169.254.169.254/opc/v1/identity/cert.pem | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:49:7c:6e:64:5f:a0:c7:3c:ac:f1:4f:b3:ec:98:0e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU = opc-device:32:9d:8e:ba:20:a4:a1:40:48:c3:de:26:97:92:cf:10:80:cd:ec:5c:81:fd:0d:68:2d:66:12:6e:96:d9:30:18, CN = PKISVC Identity Intermediate eu-frankfurt-1
        Validity
            Not Before: May 17 12:32:19 2024 GMT
            Not After : May 17 14:33:19 2024 GMT
        Subject: CN = ocid1.instance.oc1.eu-frankfurt-1.antheljtjyikasyc3lwrq4zwdcfjq73mjpkbjxsr5cy7supxh4iiw3o375pa, OU = opc-certtype:instance, OU = opc-compartment:ocid1.tenancy.oc1..aaaaaaaauv7t5sox7udyi4c53f6huu7hy32kgwzqeizagrqy2hbezhxvmqsa, OU = opc-instance:ocid1.instance.oc1.eu-frankfurt-1.antheljtjyikasyc3lwrq4zwdcfjq73mjpkbjxsr5cy7supxh4iiw3o375pa, OU = opc-tenant:ocid1.tenancy.oc1..aaaaaaaauv7t5sox7udyi4c53f6huu7hy32kgwzqeizagrqy2hbezhxvmqsa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fa:fe:38:8d:74:73:30:54:84:a2:03:75:28:
                    78:a8:a7:8d:5c:d5:46:f4:2c:08:97:6f:cc:ce:39:
                    bf:34:08:2e:71:b0:fe:12:93:c8:db:1f:74:24:76:
                    59:81:36:8f:a7:f8:18:be:cc:ab:e4:3f:60:c7:07:
                    34:ed:7e:9c:0d:65:cc:73:e7:af:26:42:1f:80:59:
                    6f:6d:2b:54:fc:a1:9d:f6:e5:76:f1:66:48:30:de:
                    ca:12:a2:8d:15:91:2b:7f:2a:fd:a3:21:ba:4e:71:
                    6b:4e:59:37:f4:5e:94:fe:e2:bc:ff:f3:27:7e:0c:
                    5b:55:45:77:e9:d5:e7:a6:7d:b0:d4:0c:d6:c2:ec:
                    8a:d3:a4:28:46:25:e4:4c:3d:5b:0d:09:a8:c8:27:
                    c2:8d:a8:e7:db:ca:75:3e:97:d1:35:f1:1b:c1:6d:
                    fe:82:8c:6c:a7:8d:ff:1d:18:d9:e8:98:a9:e5:6f:
                    b8:25:5b:fa:32:ff:12:91:58:d1:38:0e:60:5e:49:
                    9a:d8:83:07:3c:1c:25:02:71:64:d7:5a:1f:30:7c:
                    72:f9:49:ba:31:1e:d1:ea:ab:7f:9f:3b:62:05:ea:
                    ee:ea:76:da:eb:36:37:c7:94:42:f4:cc:74:56:8a:
                    de:66:e7:6e:96:ea:e8:45:57:a8:f6:ab:f6:09:b5:
                    15:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Authority Key Identifier: 
                keyid:10:77:BB:FB:24:F0:6E:86:16:D2:02:AF:A7:07:F7:A0:6D:5F:0C:BB

            1.3.6.1.4.1.111.98.10.1: 
                0..X..instance.^ocid1.instance.oc1.eu-frankfurt-1.antheljtjyikasyc3lwrq4zwdcfjq73mjpkbjxsr5cy7supxh4iiw3o375pa.Oocid1.tenancy.oc1..aaaaaaaauv7t5sox7udyi4c53f6huu7hy32kgwzqeizagrqy2hbezhxvmqsa.Oocid1.tenancy.oc1..aaaaaaaauv7t5sox7udyi4c53f6huu7hy32kgwzqeizagrqy2hbezhxvmqsa...HAQECAR+LCAAAAAAAAP+NkLFqwzAQhqGPcqBNTiXFqRNNISkFd2gKDh26ifjsGhQpnOTBDXn3WgkhGTJ0Ovg/7rvjfzrCF1LovAMtOZTho7f2jRAbT/utaQPoSD1eySs2ncP6Ahpjw0jq++wIiknJ5JxtyOwsZimeMskWTDC5JjQR69UAGvIxzJkqxiHTiVFjehufnTc/y9ZHtHjwFCc7vxfA/6PduJs2v2qVUHkmZpl82cpCC6GVmBTT4lvAiUNl+/aT/AEpdnj+Pnnfg3dV94ulWw0xxaD4Ys4VV2nnUkQ1hIgPCipdRHLG3sjpDw5tot9jAQAA
    Signature Algorithm: sha256WithRSAEncryption
         cd:57:c4:ff:c5:77:82:3a:4f:3b:7f:dd:8b:46:95:1d:97:72:
         5b:8e:04:c1:24:93:97:b5:a8:8f:41:f6:d3:89:81:f2:32:ac:
         19:71:f5:5b:57:44:78:1d:55:28:cf:63:a8:01:0c:e1:c3:dd:
         29:8a:48:59:75:76:30:5b:3a:f8:6b:a4:e5:07:2d:a6:23:a1:
         fb:5d:80:77:d1:e9:9d:98:a6:25:18:70:c5:d0:e5:1d:52:6d:
         40:0f:52:70:6a:d9:49:5d:b1:19:95:71:42:96:3b:4a:74:2f:
         5e:f1:c8:a2:41:31:13:b4:58:db:e4:8b:13:0a:0c:c0:47:dc:
         ef:fe:81:cf:53:a6:1c:c3:1c:ca:c6:e1:2d:28:b5:28:2b:c8:
         6a:82:10:65:e3:f8:a0:9f:76:5a:90:e8:9c:fe:65:ab:75:24:
         87:b3:76:29:2e:06:ee:dc:80:f2:4e:29:3f:e3:65:6e:eb:8a:
         c9:72:29:88:30:fb:fa:c1:a6:e1:19:4b:67:f0:d1:4a:65:f4:
         93:a2:83:56:e8:60:30:08:f0:24:b6:a1:cb:ea:ab:7a:57:0d:
         39:ee:f0:7f:3e:34:70:88:cd:e1:15:dd:57:a3:d2:cd:70:c0:
         bc:0c:96:8c:19:fc:c1:d0:7e:66:34:2c:c3:ba:37:db:6f:4f:
         88:7a:b0:3f:09:8e:11:a5:db:3e:f9:b8:3b:47:21:9d:54:76:
         ce:2d:1d:7d:5b:e0:a3:54:14:d6:38:44:9e:01:8c:e5:41:0c:
         23:f4:cb:d2:61:61:29:01:1f:28:1c:bd:84:e3:27:9c:b7:62:
         03:be:8a:75:6c:7b:27:74:26:e2:e3:ce:cf:4a:4f:31:16:b2:
         85:f0:78:9e:6a:32:7b:4b:f0:fc:c5:6c:c6:59:91:2d:f5:ba:
         d3:47:43:53:1e:32:d3:cc:8f:5e:74:59:8b:5f:2f:fc:36:e8:
         ce:c2:c9:9d:35:00:88:11:92:7e:7c:14:75:38:89:34:5a:fc:
         e4:bc:3a:25:6a:0a:41:d9:1f:e7:5e:2e:f0:2f:f4:73:27:6d:
         47:f2:52:38:e4:63:b0:86:66:55:2f:df:5b:cc:e2:13:b1:c4:
         46:4b:ef:ca:5b:af:94:fb:eb:36:0b:39:94:8a:a1:f0:69:f0:
         31:1d:df:c9:2e:45:a5:37:43:0a:fe:7b:53:83:e2:32:d9:5a:
         b2:a5:1d:1d:d5:b9:1d:ca:89:4e:4c:f4:b6:3d:87:ed:9b:d1:
         42:5b:6e:cf:ad:4c:34:a2:b1:e0:2e:e3:59:80:da:25:b1:a2:
         04:fc:f4:bd:a4:28:fc:27:c4:bd:47:3f:63:50:e1:0b:32:2a:
         3b:c9:f5:16:23:2b:04:1c


[opc@instance-20240516-1758 ~]$ curl http://169.254.169.254/opc/v1/identity/intermediate.pem | openssl x509 -text -noout
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2098    0  2098    0     0  91217      0 --:--:-- --:--:-- --:--:-- 91217
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:aa:94:2e:31:7f:2d:4b:54:94:ed:bb:dd:02:08:4a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = OCI Instance Identity Root - eu-frankfurt-1 - 1680554700
        Validity
            Not Before: May 15 11:12:44 2024 GMT
            Not After : May 15 11:13:44 2025 GMT
        Subject: OU = opc-device:32:9d:8e:ba:20:a4:a1:40:48:c3:de:26:97:92:cf:10:80:cd:ec:5c:81:fd:0d:68:2d:66:12:6e:96:d9:30:18, CN = PKISVC Identity Intermediate eu-frankfurt-1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:d1:32:8d:14:94:47:33:07:98:e5:75:d3:b3:30:
                    11:ee:2a:de:1c:08:09:92:62:c4:9a:df:01:35:6b:
                    36:2b:3d:d0:8a:79:b4:70:e1:e3:54:35:9e:95:d5:
                    b5:9b:c1:29:50:3a:f6:71:65:78:0b:56:a3:b5:50:
                    66:53:54:13:c6:1c:37:53:49:9d:7f:c0:f2:04:a9:
                    0e:3c:58:99:c4:07:f0:7c:ae:c8:e5:ef:66:6f:e2:
                    7a:30:a6:93:8b:c6:93:0c:1f:f6:56:e5:f2:ad:03:
                    b1:9d:ac:d4:53:26:4d:37:1c:1d:f1:13:04:a0:a5:
                    db:b4:1b:e6:36:17:c5:f0:26:ac:1b:54:4a:b8:c5:
                    51:bc:10:61:6b:b6:f7:37:ab:03:7f:6a:81:ba:33:
                    f7:62:5d:87:ae:b4:7a:46:7b:44:a6:1f:b5:2b:8d:
                    af:1c:21:e8:f7:ef:f4:67:38:16:c6:72:d1:a3:14:
                    95:bc:1c:53:f5:4c:38:f7:92:a5:bb:c0:08:9b:10:
                    46:80:3e:d9:c6:c0:7c:36:5e:06:99:cb:ef:cb:d9:
                    f5:c9:27:28:01:65:77:6d:4e:1f:3d:ce:ec:bd:b0:
                    fe:23:f3:63:98:62:b1:1f:44:44:d1:26:8e:b5:9a:
                    de:e1:25:7f:e6:30:e3:93:47:be:19:4b:00:58:69:
                    13:59:78:0f:cb:47:51:3a:57:50:82:6a:ee:b7:29:
                    54:5b:d6:2c:45:66:22:1e:08:95:73:67:f4:3f:9d:
                    d2:1b:4b:31:b1:6d:79:a9:1c:08:62:07:12:47:09:
                    19:7b:6f:8c:dc:be:07:74:7c:6a:80:c9:6f:29:a9:
                    59:94:6f:d3:55:b2:b3:99:6a:8b:3b:1d:66:1d:76:
                    f2:01:04:ff:86:03:7c:2e:6e:e7:8a:b9:6a:3a:77:
                    7b:0c:7d:e5:c9:17:3b:2a:31:36:84:ff:a5:fe:64:
                    70:b4:47:24:d5:2b:00:67:f5:ce:42:ab:ca:59:c3:
                    1a:da:05:6e:da:52:7d:fb:13:62:df:f6:38:1c:89:
                    6c:36:17:71:9b:bd:ae:02:2d:2d:5e:2c:5f:f9:e8:
                    8e:7f:c6:16:3c:40:e3:71:92:00:7c:aa:31:78:fa:
                    d2:ee:39:0e:2d:4e:2e:10:74:e6:a3:3c:c4:55:ba:
                    67:ca:d6:96:a4:66:ab:d8:ac:4e:5d:52:8f:9b:57:
                    f4:51:9d:50:95:de:c3:4b:74:18:d3:e9:50:71:1f:
                    2c:c9:87:81:34:31:0e:fc:57:be:a7:d4:de:7c:6f:
                    3d:a5:7c:f3:ae:2f:88:b9:29:2d:c3:d2:b8:0d:23:
                    a4:2d:67:71:d7:3f:81:6a:51:75:7c:d1:8e:71:a9:
                    e1:3b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier: 
                10:77:BB:FB:24:F0:6E:86:16:D2:02:AF:A7:07:F7:A0:6D:5F:0C:BB
            X509v3 Authority Key Identifier: 
                keyid:17:A5:9E:09:73:4E:96:E2:D8:E3:10:46:13:0A:F7:FF:69:CB:D5:1B

    Signature Algorithm: sha256WithRSAEncryption
         7f:da:47:02:71:6a:d8:c9:05:d6:94:05:25:30:65:94:93:1b:
         07:d8:73:0f:23:03:60:d4:f8:1e:a9:7a:10:23:39:ec:a8:5a:
         64:ef:4e:14:96:ff:21:14:73:64:ce:cc:3b:f1:b2:7d:86:58:
         ce:10:72:6b:b4:6e:e9:95:db:1e:90:c6:e2:e8:94:d0:db:ca:
         4a:a0:1b:da:2f:dc:5d:a3:73:86:08:24:79:9a:85:ad:6d:70:
         bd:ce:87:16:2a:3d:a6:b1:79:61:90:c9:9a:83:03:29:7b:ad:
         62:c3:bd:f4:07:96:a1:15:a9:ca:12:81:38:de:17:85:9f:b7:
         7d:45:b3:87:a5:70:1e:0e:25:93:81:f5:08:1f:7b:60:40:b4:
         fd:9c:2d:6b:90:72:ad:4c:ba:9a:17:77:15:1a:47:c1:0e:66:
         a8:25:20:43:bf:d5:2f:7b:eb:23:4d:cb:1e:d9:98:91:b1:1e:
         2b:f5:77:6a:3a:49:93:9c:bf:b2:de:ea:47:02:99:55:b8:d9:
         a5:62:73:94:9f:a6:70:06:e5:d5:ff:7f:e8:9d:8f:b0:21:a1:
         44:c7:89:1c:fc:f4:7f:14:36:c7:c8:9e:93:c6:af:a8:fb:75:
         04:48:7c:c3:d1:75:c0:bc:a5:29:81:64:fc:35:c1:1f:98:d9:
         ab:1e:a1:30:3a:d3:92:4b:6e:c1:ec:b2:2b:04:fe:58:1e:ac:
         9b:0f:ff:aa:35:cb:23:5d:ff:55:a1:2f:61:a9:97:69:50:ed:
         c4:88:f3:e9:94:93:c8:19:55:f7:b1:02:e5:e1:4b:07:c8:69:
         bb:c0:30:a5:f2:ad:f3:ce:ea:96:78:9a:d9:fe:d6:f8:2c:18:
         29:ea:b9:da:74:fb:54:bd:39:11:4a:f5:82:2c:2a:2a:89:fc:
         89:80:06:8a:9e:64:85:93:b8:2d:7b:0a:5a:63:84:71:52:84:
         de:8d:fb:79:4f:e4:b6:ae:7e:98:c0:ac:37:8e:95:1a:b8:60:
         38:5e:74:1d:21:8d:af:09:70:de:4e:c7:8a:db:97:7a:b2:34:
         4e:a2:e6:28:fe:ef:91:58:5f:d3:7c:f9:50:d2:09:38:03:0b:
         8f:7d:c7:c5:9e:98:90:3b:54:50:0f:cf:5b:ff:90:8d:c0:75:
         36:d8:41:17:0b:37:7c:eb:7f:84:78:17:96:49:de:a9:55:0f:
         7c:ec:98:48:3e:f6:49:5c:ca:c7:5c:2f:f9:27:e5:a4:03:6f:
         f1:f1:fa:d1:fa:bc:c4:48:e0:60:8b:72:66:cc:f4:8b:b7:02:
         7d:b2:b4:a2:da:da:c5:0b:ac:49:a0:77:c3:d9:91:eb:68:af:
         17:08:6e:91:d4:b4:df:1b

[opc@instance-20240516-1758 ~]$ curl -s http://169.254.169.254/opc/v1/identity_commercial/identity-ca-bundle.pem | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = OCI Instance Identity Root - eu-frankfurt-1 - 1680545403
        Validity
            Not Before: Apr  3 18:00:03 2023 GMT
            Not After : Apr  1 18:10:03 2028 GMT
        Subject: CN = OCI Instance Identity Root - eu-frankfurt-1 - 1680545403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:b9:d0:36:74:32:f0:5c:07:32:f1:4b:e0:d3:cc:
                    76:49:0d:7b:32:e8:be:96:05:dc:dd:84:cf:4d:bb:
                    27:a2:fb:c3:fb:ab:57:b8:83:ca:b4:a9:f3:ec:5c:
                    0b:7f:92:b0:8d:c0:9f:88:20:1e:48:dd:62:9e:fe:
                    eb:c5:19:2b:ce:62:62:b7:23:78:47:b6:4c:6c:46:
                    e9:c4:d7:23:96:ed:8a:c2:a8:9e:d2:22:26:eb:a0:
                    2e:6a:4e:54:de:b2:88:04:fb:dc:72:68:10:0a:10:
                    1b:81:12:8d:c9:d7:7d:f1:b0:0f:f0:02:08:87:95:
                    c7:9b:0e:a0:69:8d:20:9c:61:36:67:a3:b6:a9:72:
                    e3:0f:af:bc:7c:35:19:96:51:75:6b:c9:12:f5:21:
                    7d:9f:f7:b1:8b:d5:d6:6a:c9:2d:28:97:a5:86:17:
                    34:be:60:10:c3:b4:48:b7:86:9c:a4:b0:64:ff:b8:
                    6d:b7:aa:aa:32:ed:21:0f:92:7e:0c:1e:31:51:92:
                    0e:f6:d3:65:8b:2c:ea:96:75:04:01:ff:a8:4d:76:
                    e3:cd:2b:d8:03:18:c3:af:b0:4d:f9:e2:d0:d9:1a:
                    bf:ec:21:cb:3d:c3:24:a5:b8:6d:2d:07:e0:7b:49:
                    f5:47:cc:d5:f2:8e:35:20:2b:88:80:23:dd:84:14:
                    32:63:cf:1a:59:f2:1e:79:ed:c0:aa:6d:f0:2e:1e:
                    d3:41:5f:ea:15:03:d6:81:9b:68:1b:a1:3d:3d:99:
                    dd:93:3d:5b:59:61:fe:59:8d:21:d5:ca:5d:e7:66:
                    af:5e:d8:21:44:58:7c:16:8d:c7:23:1d:07:d7:10:
                    36:bb:aa:3f:bb:3a:a3:40:37:c5:b2:2b:c1:a0:e6:
                    8e:09:67:e0:e2:96:8c:92:71:f9:00:7f:ab:d6:4e:
                    3b:40:77:c1:a9:8a:f0:41:79:5f:09:ca:68:e6:a1:
                    6d:27:c6:19:bd:c3:31:8c:fe:70:2f:76:5b:0f:6a:
                    92:50:fd:79:3a:c3:c5:32:2c:4e:1d:84:53:da:5e:
                    94:9a:2f:be:86:20:3e:73:26:ea:ec:ac:6a:12:65:
                    2c:6b:09:d8:8e:cc:19:84:17:a9:32:49:fb:18:5a:
                    1e:cd:10:18:9e:5a:70:0c:19:12:d9:09:35:92:b4:
                    c6:42:ac:f8:62:60:14:b9:68:9c:85:2d:fa:31:ac:
                    70:55:8b:a3:10:dd:14:c7:b8:c6:68:46:66:9a:1c:
                    8e:27:04:71:9a:c2:b7:3e:58:65:4c:c0:5a:03:a6:
                    82:81:89:3f:21:57:d5:bb:56:58:c8:8c:54:b1:19:
                    5f:c4:b2:29:73:87:d2:c8:eb:66:18:17:11:e9:cc:
                    49:1d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                DF:BB:3B:32:B3:8D:07:5E:3F:C7:5A:04:61:33:92:F2:A8:3C:3D:C3
            X509v3 Authority Key Identifier: 
                keyid:DF:BB:3B:32:B3:8D:07:5E:3F:C7:5A:04:61:33:92:F2:A8:3C:3D:C3

    Signature Algorithm: sha256WithRSAEncryption
         12:e2:64:ac:e1:9d:ea:f4:96:ed:61:f5:fd:0a:73:83:23:44:
         66:b0:90:c1:b1:99:2e:64:47:30:af:50:db:6a:cb:45:ea:54:
         aa:25:ea:92:f8:c3:51:e3:f1:5b:8e:c7:a6:5d:03:85:37:30:
         af:2b:e6:f3:b6:1b:08:92:24:73:c8:a4:20:94:25:9d:a5:f3:
         ba:c9:ab:d3:fa:97:e9:3d:c0:8f:77:19:2f:32:85:ba:e9:02:
         18:e4:9a:5b:12:3c:f9:ef:f1:60:cf:5b:76:be:7f:08:e6:e3:
         a9:ff:ff:b5:7d:5f:dc:1d:1b:f4:45:5d:d4:80:fd:46:e5:5d:
         1c:da:f2:2f:73:d8:59:f6:b2:c0:d7:13:96:f3:e7:32:4f:3a:
         fa:85:19:6a:b0:58:c5:b8:cd:63:5d:1f:0a:ba:e8:51:08:92:
         3a:d2:b6:49:59:bf:14:fd:4a:bc:90:0b:ee:8b:8c:ce:4f:ba:
         27:96:49:ec:91:0f:ee:04:e8:9f:04:f5:30:39:8f:8b:be:03:
         70:f4:61:bc:8a:3b:f4:df:4d:0f:f9:4a:a1:eb:57:5e:c6:5d:
         52:00:c8:2a:fd:6d:d8:eb:48:95:0b:8a:34:13:28:3d:b0:c2:
         d7:36:71:52:86:de:c1:15:08:ea:b9:c7:35:6d:7d:56:b6:c9:
         f3:3b:ec:b0:39:64:74:f8:c6:9c:cb:e2:ae:6c:80:9e:27:81:
         6a:ea:ea:c4:a8:63:b2:e1:49:87:32:dd:07:19:9a:db:db:0d:
         5a:c2:e3:a4:3c:6a:09:b9:e6:ce:35:04:f0:06:9b:52:98:ce:
         2a:1d:48:65:4f:c5:4d:05:9f:a8:5e:a5:d1:9a:65:60:fb:a8:
         3f:4e:08:56:bd:51:74:7a:09:ea:c9:1c:c5:91:3b:f8:5d:36:
         87:a0:f8:b3:d3:a5:11:52:06:d5:af:24:ba:b8:f3:70:82:c9:
         bf:77:09:27:5b:e2:5e:d1:1a:c4:c0:74:28:87:07:2e:c8:1a:
         bb:e9:be:73:6b:26:e4:78:7d:94:4d:1d:d2:f6:3c:ba:77:a2:
         4e:43:31:f8:fb:13:fe:ba:03:7b:69:12:d4:b6:a1:32:2d:c5:
         cb:c0:2f:05:d8:01:26:a3:c4:65:15:7f:6d:a9:67:21:64:a8:
         25:4d:f5:02:12:5e:71:2a:e2:dd:90:3a:ce:bd:7a:68:9a:e6:
         2a:6e:d4:a5:9f:48:73:5b:77:96:32:11:3f:9a:c6:4f:eb:66:
         74:fa:16:e5:5a:07:79:37:1c:63:df:dc:d0:e1:83:4f:2a:22:
         40:24:17:5f:67:c1:d5:14:1c:df:f6:a1:67:c6:ad:76:c9:b8:
         ea:3b:a4:bb:58:62:73:99

I've asked a contact at OCI if there's a way to fetch the regional root CAs without being on a VM in that region. I'll update if I get an answer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request Used for new features in Teleport, improvements to current should be #enhancements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@strideynet @rosstimothy