Better Cert UX

[Vulfox]

Currently, we use cert_hash to configure the https bindings for are particular website. If you know all of the cert's hashes installed on the system nomad tasks are being deployed to, this is great! However, in larger environments, this is a bit unwieldy. To get around this, I am proposing a way for folks to set their cert or maybe cert_name config to point to the CN the cert's subject is providing.

An example config:

config {
  path = "C:\\inetpub\\wwwroot"
  bindings {
    type = "https"
    port = "httpslabel"
    cert = "*.local.domain"
  }
}

This should find latest cert matching that particular wildcard cert. I don't want to perform a best match with this config (at this time). It will be purely explicit, so if your cert only provides awesomeapi.local.domain, then cert must be the same string value.

This should also allow for cert automation to happen behind the scenes and folks won't have to update their job specs, but rather trigger a reallocation and the cert find function should pick the cert that matches and expires last.

[Vulfox]

ConvertTo-Json @(Get-ChildItem cert:\LocalMachine\My | select -Property Thumbprint, Subject,FriendlyName, @{name='NotAfter'; expression= {$_.NotAfter.ToString("yyyy-MM-dd'T'HH:mm:ss.fffK")}}, @{name='CN'; expression= {$_.Subject.split(",")[0].Substring(3)}})

This appears the be the easiest way for golang to ingest the system's info without writing some nitty gritty winapi calls.