-
Notifications
You must be signed in to change notification settings - Fork 351
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature request] Add support for specifying trusted certificates #38
Comments
Why does this need to be specific to influxdb-relay? Can't a trusted certificate be added to the system as a whole? |
@nathanielc Sometimes you want service-specific certificates that aren't trusted globally on the machine. Adding a new CA to the host machine would add an extra attack surface: If the CA used to sign the cert for the backends is compromised, it will only compromise the relay traffic, rather than potentially trusting that CA for any secure connection or authentication on the machine. |
@joelegasse Makes sense, thanks. |
@rossmcdonald Would adding this as a per-backend option |
@joelegasse Absolutely, I think that makes perfect sense. |
Will this influx-relay would be helpful if I have only 1 influxdb server ? It doesn't seem so that it works ,
|
It can be difficult to configure Relay to communicate with an InfluxDB server that is using a self-signed SSL certificate that is not trusted by the host system. It would be great if there was a configuration option for specifying a set of trusted certificates to use for communication.
The text was updated successfully, but these errors were encountered: