TLS for slave HTTP #32

janisstreib · 2016-08-24T15:21:30Z

I prupose the follwing procedure:

Each slave has its (not necessarily unique) cert and private key, signed by a cluster local CA and supplied via the cmd.
When the mater connects to the slave, it only allows connections with certs signed by the CA.
The CA/PKI structure will not be managed by the master.

=> Therefore I prupose to place the CA cert into the master as reference to simplify the implementation.

Add cert/key parameters to the slave cmd
Serve http with TLS instead of plain HTTP on the slave
- Only use proper ciphers, please ;)
Use http with TLS + client cert instead of plain HTTP on the master
Configure the CA in the master
- (Optional) Add CA to MaterAPI (/api/system)
- (Optional) Add GUI setting or display for the CA
- Alternatively: Add commandline parameter for the reference CA to master cmd
Implement connection check in the deployer/MSP and generate appropriate probelms
Implement client cert check in the slave
Document procedure in the manual (see Add user manual/install instructions #33)

The text was updated successfully, but these errors were encountered:

problame · 2016-08-29T13:52:26Z

remove hardcoded endpoints

janisstreib · 2016-08-31T18:04:34Z

Slave verification by master done with 444519b

janisstreib · 2016-09-01T13:15:58Z

Implemented cert auth in 837f43b

janisstreib added enhancement needsdiscussion labels Aug 24, 2016

janisstreib assigned problame, bwoebi, antonxy and janisstreib Aug 24, 2016

janisstreib closed this as completed Aug 31, 2016

janisstreib reopened this Sep 1, 2016

janisstreib unassigned problame, bwoebi and antonxy Sep 1, 2016

janisstreib closed this as completed Sep 1, 2016

janisstreib removed the needsdiscussion label Sep 1, 2016

Provide feedback