This component is currently a work in progress.
The credentials manager manages the TLS credentials for external-facing gRPC clients and servers. If no certificates or key material are provided, it generates InsecureServerCredentials/InsecureChannelCredentials instead, which means the gRPC traffic is neither encrypted nor authenticated.
If credentials are provided and valid, the credentials manager provides a TlsServerCredentials to the HAL component, which uses this credential config to start the gRPC server.
gRPC clients get ChannelCredentials to set up a secure channel.
To start Stratum with SSL/TLS, you need to provide the following credentials:
- CA certificate
- Server certificate
- Server private key
- Client certificate
- Client private key
According to the gRPC documentation, the certificate and private key need to be specified in PEM format.
You can use tools like OpenSSL to generate these files. We also provide a script to create credentials for both the server-side and client-side.
To start Stratum with SSL/TLS, add the following flags:
--ca_cert_file=[CA certificate file]
--server_cert_file=[Server certificate file]
--server_key_file=[Server private key file]
For client tools such as CLIs, add the following flags:
--ca_cert_file=[CA certificate file]
--client_cert_file=[Client certificate file]
--client_key_file=[Client private key file]
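As an added example (not the script the project provides), the five PEM files listed above can be generated with OpenSSL and checked before they are passed to the flags. The file names, subject names, 30-day lifetime and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: throwaway CA plus server and client credentials, all PEM.
# File names, subject names and the 30-day lifetime are assumptions.

# issue_leaf DIR NAME CN EXT...: new key and CSR, signed by DIR/ca.crt
issue_leaf() {
    dir=$1 name=$2 cn=$3; shift 3
    printf '%s\n' "$@" > "$dir/$name.ext"   # one X.509 extension per line
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/$name.key" \
        -out "$dir/$name.csr" -subj "/CN=$cn" &&
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" &&
    rm -f "$dir/$name.csr" "$dir/$name.ext"
}

# make_tls_creds OUT_DIR SERVER_HOSTNAME
# The server certificate carries the hostname in subjectAltName, because
# TLS clients check the name they dialled against that extension.
make_tls_creds() {
    out=$1 host=$2
    (
        umask 077   # private keys readable by the owner only
        mkdir -p "$out" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -keyout "$out/ca.key" -out "$out/ca.crt" \
            -subj "/CN=Example Test CA" &&
        issue_leaf "$out" server "$host" \
            "subjectAltName=DNS:$host" "extendedKeyUsage=serverAuth" &&
        issue_leaf "$out" client example-client \
            "extendedKeyUsage=clientAuth"
    )
}

# check_pair CERT KEY CA: CERT chains to CA and KEY is the key CERT was issued for
check_pair() {
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: sh make_creds.sh ./creds switch1.example.test
#   server: --ca_cert_file=ca.crt --server_cert_file=server.crt --server_key_file=server.key
#   client: --ca_cert_file=ca.crt --client_cert_file=client.crt --client_key_file=client.key
if [ "$#" -eq 2 ]; then
    make_tls_creds "$1" "$2" &&
    check_pair "$1/server.crt" "$1/server.key" "$1/ca.crt" &&
    check_pair "$1/client.crt" "$1/client.key" "$1/ca.crt"
fi
```

The ca.key file is only needed to sign certificates, so keep it off the switch and the client hosts.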