This repository has been archived by the owner on Jul 16, 2021. It is now read-only.

Certificates need to be trusted by OMG applications #30

Open
macaptain opened this issue Nov 24, 2020 · 1 comment

Comments

@macaptain
Contributor

The self-signed certificates won't be trusted by OMG applications running in the peered OMG clusters. You'll get something like:

SSL certificate problem: unable to get local issuer certificate

We could issue certificates to Vault via letsencrypt. The ACME challenge for renewals can be satisfied if the Vault cluster is permitted to write to DNS, rather than exposing any of the web services to the internet.

Or is there another way?

@macaptain
Contributor Author

Another option would be to use cfssl to create a trusted CA.
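
The error quoted in the first comment is what OpenSSL reports when a certificate's issuer is missing from the client's trust store. The script below is an added example, not part of the original thread or the project's code: it builds a throwaway private CA, issues a server certificate from it, and verifies that certificate with and without the CA on the client side. It uses `openssl` as a stand-in for cfssl, and the names `demo-ca` and `vault.example.internal` are placeholders.

```shell
#!/usr/bin/env bash
# Constructed demo: all names and files here are placeholders created in a temp dir.

# Build a throwaway private CA and a server certificate signed by it.
make_pki() {
  local dir=$1
  # Self-signed CA certificate (the trust anchor clients must import).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # Server key and signing request.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=vault.example.internal" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # CA signs the request to produce the server certificate.
  openssl x509 -req -in "$dir/server.csr" -days 1 \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/server.pem" 2>/dev/null
}

# Print OpenSSL's verdict for a certificate.
# Optional second argument: a CA bundle the client trusts.
verify_cert() {
  local cert=$1 ca=${2:-}
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" 2>&1
  else
    openssl verify "$cert" 2>&1
  fi
}

demo() {
  local dir
  dir=$(mktemp -d)
  make_pki "$dir"
  echo "--- client without the CA in its trust store:"
  verify_cert "$dir/server.pem" || true   # expected to fail
  echo "--- client that trusts ca.pem:"
  verify_cert "$dir/server.pem" "$dir/ca.pem"
  rm -rf "$dir"
}

demo
```

With a private CA, every client application needs `ca.pem` in its trust store before the second result applies; a certificate from a publicly trusted CA avoids that distribution step.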
