I am configuring a certificate for my domain on APISIX and I would like to know how to configure both types of certificates?
Related
Due to auditing requirements, it is necessary to encrypt all connections between the application and the elasticsearch cluster
after a little googling, I realized that the elasticsearch cluster protection looks like this
Enable x-pack: true in elasticsearch.yml
generate CA
copy the CA to each node in the cluster
generate a certificate for each node (by signing it using the generated CA in paragraph 2)
in this case, we will have a secure connection ONLY between the nodes in the cluster (on port 9300)
inter-node tls
I have purchased an SSL certificate and the certificate files look like this
STAR_rem-masters_com.ca-bundle star_rem_masters_com_certificate.crt
(I bought these certificates from sectigo)
Now the question is how can these certificates be used for inter-node ssl and client-server ( application > elasticsearch ) because in all examples they use self-signed certificates that are generated using elasticsearch-certutil
APISIX uses etcd as the configuration center, I have configured and enabled mTLS in etcd for secure data transfer, how do I configure it in APISIX to make it effective?
First of all, you need to prepare a pair of client certificate and private key. Then configure it on APISIX. You can specify them in the config.yaml. The related fields are:
etcd.tls.cert: client certificate
etcd.tls.key: client private key
apisix.ssl. ssl_trusted_certificate: CA certificate to verify the ETCD server certificate
I want to configure letsencrypt ca signed certificate for my exist-db app and I have used the below two guides but could not succeed.
https://www.cirt.gov.bd/a-step-by-step-guide-to-securing-a-tomcat-server-with-letsencrypt-ssl-certificate/
How to configure SSL in Jetty with CA signed certificate properly?
Can anyone help me to dig out the issue?
It might be easier to run your existdb instance behind a nginx proxy and let nginx handle SSL connections with letsencrypt certs.
More on existdb deployment scenarios here:
https://e-editiones.org/wp-content/uploads/2020/08/Common-eXist-db-TEI-Publisher-Deployment-Scenarios.pdf
We are trying to enable tls to the Consul so that our Rest service(which is using self-signed certificate) will be able to register to Consul in Https mode, For enabling TLS I am following Consul documentation as well as below links
https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04
http://russellsimpkins.blogspot.in/2015/10/consul-adding-tls-using-self-signed.html
Note: I am using centos 7.2
now my service try to register to the consul but in Consul dashboard its down and on the console I am getting below error:
x509: certificate signed by unknown authority
we found the solution. we have to add the CA cert to TLS trust store instead JVM trust store for centos it is "/etc/pki/tls/certs/ca-bundle.crt"
just by appending CA certificate to this file solved our issue
I have a SAN SSL Certificate which covers about 4 subdomains. Os is windows.
abc.mydomain.com
xyz.mydomain.com
pqr.mydomain.com
jkl.mydomain.com
The common name for the certificate is abc.mydomain.com
How can I apply this certificate in Apache so that it could provide SSL security to all the four domains. I mean how should I configure Apache in this case.