[Hawkular-dev] SSL by default
Juraci Paixão Kröhling
jpkroehling at redhat.com
Wed May 25 07:54:47 EDT 2016
Team,
I just sent a PR for hawkular-services [1] that adds SSL support by
default to the distribution.
I'd like you to take a moment and do a couple of simple tests of your
component against this distribution, specially if you perform REST calls
to a component endpoint.
Apart from the Agent, I'm not aware of any REST calls made by individual
components, but I'd need to be aware of any problems that this change
might cause.
My next step is to change the agent to accept certs on our keystore.
A few comments:
- The HTTP port is not redirecting to HTTPS yet. This might require
changes to the individual component's web.xml , which I'll be adding soon.
- The certificate inside the keystore is a self-signed one. Should we
ship it on the main distribution, with instructions telling users to
replace our certificate with a real one? Or should we *not* ship it?
Related question: are we even allowed to ship such keystores?
- As mentioned in the previous point, the cert is self-signed. So, you
might need to add "-k" to curl to bypass the cert verification.
- Authentication with client cert is not yet available.
1 - https://github.com/hawkular/hawkular-services/pull/2
- Juca.
More information about the hawkular-dev
mailing list