You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the location of the TLS cryptographic material (certificate and keys) is in a fixed location (/etc/statemachine/certs) and we only have the -insecure flag to disable TLS.
We should have a more flexible setup - continuing to enable TLS by default and keeping the default location, however we should also allow:
keep the -insecure flag to disable TLS;
add a -tlsCertFile for the X509 cert;
add a -tlsKeyFile for the certificate private key;
add a -tlsCAFile for an (optional) Certificate Authority root file (self-signed certs)
If not configured, the defaults will be:
/etc/statemachine/certs/server.pem for the certificate /etc/statemachine/certs/server-key.pem for the private key
No CA file (roots as installed by the host OS)
The text was updated successfully, but these errors were encountered:
Currently the location of the TLS cryptographic material (certificate and keys) is in a fixed location (
/etc/statemachine/certs) and we only have the-insecureflag to disable TLS.We should have a more flexible setup - continuing to enable TLS by default and keeping the default location, however we should also allow:
-insecureflag to disable TLS;-tlsCertFilefor the X509 cert;-tlsKeyFilefor the certificate private key;-tlsCAFilefor an (optional) Certificate Authority root file (self-signed certs)If not configured, the defaults will be:
/etc/statemachine/certs/server.pemfor the certificate/etc/statemachine/certs/server-key.pemfor the private keyNo CA file (roots as installed by the host OS)
The text was updated successfully, but these errors were encountered: