Setup SSL/TLS
Requirement
Service Center (SC) reads several files for its SSL/TLS options.
- Environment variable ‘SSL_ROOT’: The directory that contains the certificates. If it is not set, SC uses ‘etc/ssl’ under the SC work directory.
- $SSL_ROOT/trust.cer: Trusted certificate authority.
- $SSL_ROOT/server.cer: Certificate used for SSL/TLS connections to SC.
- $SSL_ROOT/server_key.pem: Private key for the certificate. If the key is encrypted, ‘cert_pwd’ must be set.
- $SSL_ROOT/cert_pwd (optional): The password used to decrypt the private key.
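A preflight check for the file layout listed above, as an added example that is not part of the Service Center project. The function name `check_ssl_root` and its exit codes are hypothetical, and the permission check on the key and password files is an added hardening assumption, not a documented SC requirement.

```shell
#!/bin/sh
# Preflight check for the SSL_ROOT layout described above (added example).
# Usage: check_ssl_root [SC work directory]   (defaults to the current directory)
# Returns 0 = ok, 1 = required file missing, 2 = encrypted key without cert_pwd,
#         3 = key or password file accessible to group/others.
check_ssl_root() {
    workdir="${1:-.}"
    # SSL_ROOT falls back to etc/ssl under the SC work directory when unset.
    root="${SSL_ROOT:-$workdir/etc/ssl}"
    rc=0

    # The three files SC always needs; each must exist and be non-empty.
    for f in trust.cer server.cer server_key.pem; do
        if [ ! -s "$root/$f" ]; then
            echo "MISSING: $root/$f" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"

    key="$root/server_key.pem"

    # An encrypted PEM key carries either the PKCS#8 "ENCRYPTED PRIVATE KEY"
    # header or the legacy "Proc-Type: 4,ENCRYPTED" line.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        if [ ! -s "$root/cert_pwd" ]; then
            echo "FAIL: key is encrypted but $root/cert_pwd is missing or empty" >&2
            rc=2
        fi
    fi

    # Hardening check added here (assumption, not an SC requirement):
    # the key and the password file should grant nothing to group or others.
    for f in "$key" "$root/cert_pwd"; do
        [ -e "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WARN: $f is accessible to group/others ($perms)" >&2
            [ "$rc" -ne 0 ] || rc=3
        fi
    done
    return "$rc"
}
```

Run it from the SC work directory before start-up; it only inspects file presence, PEM headers and modes, so it does not confirm that the key matches server.cer or that the certificate chains to trust.cer.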
Configuration
Modify conf/app.conf before starting SC.
- ssl_mode: Enables SSL/TLS mode. [0, 1]
- ssl_verify_client: Whether SC verifies the client (including the etcd server). [0, 1]
- ssl_protocols: Minimum SSL/TLS protocol version. [“TLSv1.0”, “TLSv1.1”, “TLSv1.2”]
- ssl_ciphers: A list of cipher suites. By default, SC uses TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256