Uploaded image for project: 'CernVM'
  1. CernVM
  2. CVM-2027

support for TLS certs for gateway

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • CernVM-FS 2.9
    • CVMFS, DOC, GATEWAY
    • None
    • ANY

    Description

      Hello,

      We are proceeding to the next steps of a prototype deployment of the gateway publishing system. Previously we had a small self-contained system in one private network, but now the connection from the publishers to the gateway server will cross different networks. We anticipate there will be more publishing groups, each of which will manage their own publishing node in different places, so the gateway will need to listen on a public IP address. The gateway listening on port 4929 should have support for using a TLS certificate to secure the connection, so that the secret API key is not transmitted in plain text using HTTP over a public network.
      This will make it possible for publishing systems to connect securely to a gateway server from anywhere. Preferably we could specify file locations e.g. in /etc/cvmfs/gateway/certificates/ for the gateway to read the private key and public certificate to use.

      Thanks!

      Attachments

        Activity

          People

            rapopesc Radu Popescu
            rptaylor Ryan Taylor
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: