TLS Encryption with CA
Configure the Authentication
Follow these instructions:
Purchase the TLS Certificates
- Purchase a TLS certificate in PEM format for each server. This certificate has to contain the following entries:
  - localhost: For local connections on a server.
  - SEAL Print Client server name: For connections to Consul and MongoDB
  - Consul-specific server name: For connections between the SEAL Print Client services
Hint - TLS certificates
All TLS certificates have to be signed by the same Certificate Authority (CA).
- Replace the following file with the private key:
  /opt/seal/infrastructure/config/tls/key.pem
- Replace the following file with the signed public certificate:
  /opt/seal/infrastructure/config/tls/cert.pem
- Save the CA's certificate in the following file:
  /opt/seal/infrastructure/config/tls/ca.pem
Configure the Authentication for the SEAL Print Client Services
- Set the key TLS_DIR to the following path:
  TLS_DIR: /opt/seal/infrastructure/config/tls
Configure the Authentication for Consul
- Open the Consul configuration file:
  /opt/seal/infrastructure/config/consul.json
- Insert the following lines on the second line, after the opening brace:
  "ca_file": "/opt/seal/infrastructure/config/tls/ca.pem",
  "verify_outgoing": true,
Caution - structure
The Consul configuration file is a JSON object whose structure has to be retained! For further information, refer to http://json.org/json-de.html.
Configure the Authentication for MongoDB
- Open the MongoDB configuration file:
  /opt/seal/infrastructure/config/mongod.conf
- Search for the following line:
  allowInvalidCertificates: true
- Replace the line with:
  CAFile: /opt/seal/infrastructure/config/tls/ca.pem
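The following check is an added example, not part of the SEAL documentation: it reads the two configuration files edited above and reports TLS settings that would leave peer certificates unverified. The function names are hypothetical, and the MongoDB file is scanned line by line instead of being parsed as YAML.

```python
import json
import os
import re

def is_pem_cert_file(path):
    """True if path is a regular file containing a PEM certificate header."""
    if not isinstance(path, str) or not os.path.isfile(path):
        return False
    with open(path, encoding="ascii", errors="replace") as fh:
        return "-----BEGIN CERTIFICATE-----" in fh.read()

def audit_consul(path):
    """Return a list of findings for the TLS keys in consul.json."""
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"consul: cannot parse {path}: {exc}"]
    if not isinstance(cfg, dict):
        return ["consul: top level is not a JSON object"]
    findings = []
    if cfg.get("verify_outgoing") is not True:
        findings.append("consul: verify_outgoing is not true")
    if not is_pem_cert_file(cfg.get("ca_file")):
        findings.append(f"consul: ca_file {cfg.get('ca_file')!r} is not a PEM certificate file")
    return findings

def audit_mongod(path):
    """Return a list of findings for the TLS keys in mongod.conf (line scan)."""
    try:
        with open(path, encoding="utf-8") as fh:
            lines = [ln.split("#", 1)[0] for ln in fh]  # drop comments
    except OSError as exc:
        return [f"mongod: cannot read {path}: {exc}"]
    findings, ca_file = [], None
    for ln in lines:
        if re.match(r"\s*allowInvalidCertificates\s*:\s*true\b", ln):
            findings.append("mongod: allowInvalidCertificates is still true")
        m = re.match(r"\s*CAFile\s*:\s*(\S+)", ln)
        if m:
            ca_file = m.group(1).strip("'\"")
    if not is_pem_cert_file(ca_file):
        findings.append(f"mongod: CAFile {ca_file!r} is not a PEM certificate file")
    return findings

if __name__ == "__main__":
    base = "/opt/seal/infrastructure/config"  # paths from the instructions above
    for finding in audit_consul(f"{base}/consul.json") + audit_mongod(f"{base}/mongod.conf"):
        print(finding)
```

An empty result from both functions means the CA file is referenced and readable in both places; it does not prove that the server certificates were signed by that CA.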