Generate server side certificates on initialization for usage by the Auth service #5

Open
lutzmor opened this issue Apr 19, 2017 · 0 comments


lutzmor commented Apr 19, 2017

On quickstart initialization, certificates should be generated.
Consider https://www.npmjs.com/package/ursa
or https://www.npmjs.com/package/node-rsa
or https://www.npmjs.com/package/node-forge (can generate both rsa and crt keys)

When initialized, the private key MUST NOT be committed (.gitignore it) but it should be echoed to the console so that the developer can store it somewhere.

An SSL cert should be generated from the key pair, and the server startup should support HTTPS on port 8443 (localhost). Note that when in production, it should actually be HTTP only, as SSL termination should be at the load balancer for performance, as once in the Docker Weave network, SSL security is superfluous. Consider leaving getting HTTPS working for a later release unless there is demand.

As teams will be starting projects at separate times, they should generate their own keys, so the key generation should be checked on startup, just with a confirm if not in production. If in production, refuse to start the server.
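
The startup check requested above could look like the following sketch, which is an added example and not code from this project. It swaps in Node's built-in `crypto` module for the suggested npm packages; the file name `auth-private.pem` and the `confirm` callback are assumptions, and certificate generation and the HTTPS listener are left out.

```javascript
// Added example, not the project's code. Uses Node's built-in crypto module
// instead of the ursa / node-rsa / node-forge packages the issue suggests.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const KEY_FILE = 'auth-private.pem'; // hypothetical file name

// Make sure the private key file can never be committed by accident.
function ignoreKeyFile(dir) {
  const gitignore = path.join(dir, '.gitignore');
  const current = fs.existsSync(gitignore) ? fs.readFileSync(gitignore, 'utf8') : '';
  if (!current.split(/\r?\n/).includes(KEY_FILE)) {
    const sep = current === '' || current.endsWith('\n') ? '' : '\n';
    fs.appendFileSync(gitignore, sep + KEY_FILE + '\n');
  }
}

// Startup check. `confirm` is a hypothetical callback that asks the
// developer before a key is generated; it is only called outside production.
function ensureAuthKey(dir, env, confirm) {
  const keyPath = path.join(dir, KEY_FILE);
  if (fs.existsSync(keyPath)) {
    return { generated: false };
  }
  if (env === 'production') {
    throw new Error('auth key missing: refusing to start in production');
  }
  if (!confirm()) {
    throw new Error('auth key missing and generation was declined');
  }
  const { privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  ignoreKeyFile(dir); // before the key touches the working tree
  fs.writeFileSync(keyPath, privateKey, { mode: 0o600 }); // owner-only
  return { generated: true, privateKey };
}

// Demo in a throwaway directory (constructed input).
const demoDir = fs.mkdtempSync(path.join(os.tmpdir(), 'authkey-'));
const first = ensureAuthKey(demoDir, 'development', () => true);
if (first.generated) console.log('Store this private key safely:\n' + first.privateKey);
```
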
