You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I suggest we separate (the TLS doc) in the following manner:
How to supply a server certificate for a VCH (this is a really common thing for many servers - should be the piece people are most familiar with).
How to configure client authentication (mutual authentication)
How to disable TLS
--> what certificates are required for each of these (certificate authority, server certificate and key, client certificate and key), which role needs which certificates and how they're used in installation.
--> explicitly not talking about how those certificates are obtained
Then a separate section on the fact that we generate trivial versions of these certificates as a convenience when possible (--tls-cname or --client-network-ip), and that if wanting more control over the certificates than we provide for that the certificates can be generated by standard means (e.g. openssl for linux) or obtained from a certificate provider (https://en.wikipedia.org/wiki/Certificate_authority#Providers)
The TLS docs need more work.
Comment from @hickeng by email:
I suggest we separate (the TLS doc) in the following manner:
--> what certificates are required for each of these (certificate authority, server certificate and key, client certificate and key), which role needs which certificates and how they're used in installation.
--> explicitly not talking about how those certificates are obtained
Then a separate section on the fact that we generate trivial versions of these certificates as a convenience when possible (--tls-cname or --client-network-ip), and that if wanting more control over the certificates than we provide for that the certificates can be generated by standard means (e.g. openssl for linux) or obtained from a certificate provider (https://en.wikipedia.org/wiki/Certificate_authority#Providers)
See also:
The text was updated successfully, but these errors were encountered: