Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server: allow user to provide their own TLS cert and key #2176

Closed
dnephin opened this issue Jun 2, 2022 · 1 comment
Closed

server: allow user to provide their own TLS cert and key #2176

dnephin opened this issue Jun 2, 2022 · 1 comment
Assignees
@dnephin
Labels
kind/feature A request or change that improves functional suitability.

Comments

@dnephin
Copy link
Contributor

dnephin commented Jun 2, 2022
edited
Loading

Currently we use acme/autocert to accept either a cert from https://letsencrypt.org/, or generate one on the first request if a let's encrypt cert is not found.

Many orgs already have a chain of trust setup, and will likely want to provide a cert they've already generated to the infra server. Technically they could add the cert and key to the directory specified by tlsCache, but that's an undocumented interface, and probably not the one we want to support as a public interface.

We should have a way for the user to specify their own CA, cert, and private key. Adding something like this to the server options should work to allow the user to specify their own certs:

type TLSConfig struct {
    CA string
    Certificate string
    PrivateKey string
}

Where each field is the path to a file. We might not need CA initially, and might be fine with just cert and key. The CA would allow us to do mTLS if the client or connector also passed a certificate signed by the same CA.

From these options we can construct a tls.Config, and use that tls.Config in the http.Server.
@dnephin dnephin added the kind/feature A request or change that improves functional suitability. label Jun 2, 2022
@dnephin dnephin mentioned this issue Jun 2, 2022
Merged
@dnephin dnephin changed the title server: accept a CA and/or TLS cert server: allow user to provide their own TLS cert and key Jun 2, 2022
@dnephin dnephin mentioned this issue Jun 3, 2022
Merged
@dnephin dnephin mentioned this issue Jun 14, 2022
Merged
This was referenced Jun 22, 2022
Closed
Merged
Merged
Merged
@dnephin
Copy link
Contributor Author

dnephin commented Jun 29, 2022

Done in #2398, follow up work will be part of #2362

@dnephin dnephin closed this as completed Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dnephin dnephin

Labels
kind/feature A request or change that improves functional suitability.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dnephin