TLS in Dragonboat

lni edited this page Dec 24, 2018 · 2 revisions

Background

Dragonboat supports Mutual TLS. This ensures

  • all communication between nodes is encrypted
  • only trusted nodes (those holding a certificate issued by your CA) can become part of your raft groups

Generate Certificates

Below is an example of how one might generate the required key/cert files.

Generate CA certificate and key

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Generate server key and CSR

openssl genrsa -out node1.key 1024
openssl req -new -key node1.key -out node1.csr

Generate server certificate

openssl x509 -req -days 365 -in node1.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out node1.crt

Once you have your server certificate (node1.crt), repeat the server key, CSR and certificate steps above to generate a certificate for each server you want to use, signing every one with the same ca.key.

Note that the key file should not be password protected.
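The steps above, combined into one non-interactive script, as an added example that is not part of the Dragonboat wiki or project. It generates the CA and one key/cert pair per node, then runs the checks a practitioner would want before pointing a NodeHostConfig at the files: the node certificate chains to ca.crt (what a peer configured with CAFile will check at handshake time), the key and certificate belong together, and the key is not password protected. Assumptions: openssl is installed, the node names and subjects are constructed, and node keys are 2048-bit (chosen here; the wiki's example uses 1024). Each node certificate gets a distinct serial number, since a CA should not issue two certificates with the same serial.

```shell
#!/bin/sh
# Added example (not from the Dragonboat wiki): generate a CA and one
# key/cert pair per node non-interactively, then verify the results
# before setting CAFile/KeyFile/CertFile in config.NodeHostConfig.
# Assumptions: openssl is on PATH; node names and subjects are constructed.
set -eu

# generate_node_certs DIR NODE...
# Writes DIR/ca.key, DIR/ca.crt and DIR/NODE.key, DIR/NODE.csr, DIR/NODE.crt for each NODE.
generate_node_certs() {
    dir=$1; shift
    mkdir -p "$dir"
    # CA: 4096-bit key, self-signed, one-year validity; -subj skips the interactive prompts
    openssl genrsa -out "$dir/ca.key" 4096 2>/dev/null
    openssl req -new -x509 -days 365 -key "$dir/ca.key" \
        -subj "/CN=dragonboat-example-ca" -out "$dir/ca.crt"
    serial=1
    for node in "$@"; do
        # node key (2048-bit, assumption) and CSR with the node name as CN
        openssl genrsa -out "$dir/$node.key" 2048 2>/dev/null
        openssl req -new -key "$dir/$node.key" -subj "/CN=$node" -out "$dir/$node.csr"
        # sign with the CA; each certificate gets its own serial number
        openssl x509 -req -days 365 -in "$dir/$node.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -set_serial "$serial" -out "$dir/$node.crt" 2>/dev/null
        serial=$((serial + 1))
    done
}

# check_node_cert DIR NODE
# Returns 0 only if NODE.crt chains to DIR/ca.crt, NODE.key is the matching
# private key, and NODE.key is not password protected.
check_node_cert() {
    dir=$1; node=$2
    # chain check: the same verification a peer with CAFile=ca.crt performs
    openssl verify -CAfile "$dir/ca.crt" "$dir/$node.crt" >/dev/null 2>&1 || return 1
    # key/cert match: the public key in the certificate must equal the one derived from the key
    certpub=$(openssl x509 -in "$dir/$node.crt" -pubkey -noout)
    keypub=$(openssl pkey -in "$dir/$node.key" -pubout)
    [ "$certpub" = "$keypub" ] || return 1
    # an encrypted PEM private key carries an ENCRYPTED marker; Dragonboat needs a plain key
    if grep -q ENCRYPTED "$dir/$node.key"; then return 1; fi
    return 0
}

# Usage: sh gen_certs.sh OUTDIR node1 node2 ...   (node names are constructed)
if [ $# -ge 2 ]; then
    generate_node_certs "$@"
    outdir=$1; shift
    for n in "$@"; do check_node_cert "$outdir" "$n" && echo "$n: ok"; done
fi
```

Run it once per cluster with every node name listed, then copy only that node's key/crt plus ca.crt to each server; ca.key stays off the cluster hosts, since anyone holding it can mint a certificate that every node will trust.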

Config dragonboat

On each node, set the MutualTLS field to true in config.NodeHostConfig, then set the CAFile field to the path of your ca.crt file and the KeyFile/CertFile fields to that node's own key/crt files (for example node1.key and node1.crt). Every node must use a certificate signed by the same CA, or its peers will reject the connection.