
Draft: add ssl support

Open simba23 opened this issue 6 years ago • 5 comments

pls test before finalizing!

simba23 avatar Jul 02 '19 00:07 simba23

@simba23 will review.

Thanks for the contributions, man!

It's a great addition because it shows how simple the TLS setup can be. Just generate the certificates, put them in a folder on each Vault, and add 2 lines to the Vault configuration.

I'll need to go back through and modify a lot of the curl stuff, though, to remove the --insecure flag and switch http to https.

v6 avatar Jul 02 '19 00:07 v6

This branch doesn't have the updates from @pranta. I'll need to rebase and merge to make sure this is done on top of the latest develop.

Please keep this in mind for future reference: if you ever need to pull in the latest changes and "replay" your work on top of them, run `git remote add upstream https://github.com/v6/super-duper-vault-train.git; git pull --rebase upstream develop`, because this means your work is the last in the git log.

v6 avatar Jul 08 '19 18:07 v6

Testing it now @simba23

v6 avatar Jul 08 '19 18:07 v6

Mostly resolved after an hour of changing.

Now I just need to add `s%http:%--capath /vagrant/certs https:%g` on all of the API scripts, or use the command `export CURLOPT_CAPATH=/vagrant/certs` when compiling NSS.

https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html

Or I can compile the certs into a bundle for use with the environment variable CURL_CA_BUNDLE, to avoid compiling an NSS.

v6 avatar Jul 08 '19 19:07 v6
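The bundle route mentioned in the comment above, sketched as an added example (not code from this thread or from the project): it builds a CA bundle for `CURL_CA_BUNDLE` from a certs folder, removes `--insecure` from an API script while switching it to https, and reports any calls that still skip verification. The function names, the `.pem`/`.crt` naming and the `ca-bundle.pem` output file are assumptions.

```shell
#!/bin/sh
# Added example: function names and directory layout are assumptions.

# Build one CA bundle for CURL_CA_BUNDLE from a certs directory. Only
# CERTIFICATE blocks are copied, so a private key kept in the same file or
# folder never ends up in the bundle.
build_ca_bundle() {
    cert_dir=$1 bundle=$2
    tmp=$(mktemp) || return 1
    for f in "$cert_dir"/*.pem "$cert_dir"/*.crt; do
        [ -f "$f" ] || continue
        [ "$f" = "$bundle" ] && continue   # skip a bundle from an earlier run
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
            "$f" >> "$tmp"
    done
    if ! [ -s "$tmp" ]; then rm -f "$tmp"; return 1; fi   # no certificates found
    cat "$tmp" > "$bundle"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Rewrite one API script in place: drop --insecure, switch http:// to https://.
# Uses a temp file instead of sed -i so it behaves the same on GNU and BSD sed.
secure_curl_script() {
    script=$1
    tmp=$(mktemp) || return 1
    sed -e 's/[[:space:]]--insecure//g' -e 's%http://%https://%g' \
        "$script" > "$tmp" && cat "$tmp" > "$script"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Print any remaining unverified or plaintext calls (including the short -k
# form, which is left for manual review). Succeeds only when none are left.
audit_scripts() {
    ! grep -rnE -- '--insecure|[[:space:]]-k([[:space:]]|$)|http://' "$1"
}

# Usage: sh secure-curl.sh CERT_DIR SCRIPT_DIR
if [ "$#" -eq 2 ]; then
    build_ca_bundle "$1" "$1/ca-bundle.pem" || exit 1
    for s in "$2"/*.sh; do
        [ -f "$s" ] && secure_curl_script "$s"
    done
    audit_scripts "$2" && echo "export CURL_CA_BUNDLE=$1/ca-bundle.pem"
fi
```

The audit step exits non-zero while any script still contains `--insecure`, `-k` or a plain `http://` URL, so it can gate a provisioning run.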

Squashed into this, along with some other changes I made: https://github.com/v6/super-duper-vault-train/pull/23

v6 avatar Jul 09 '19 00:07 v6