Skip to content

Add support of password file in loading SSL certificates #310

New issue
New issue
Open
Story
Open
Add support of password file in loading SSL certificates#310
Story
Labels
comp:managerRelated to Manager componentcomp:storage-proxyRelated to Storage proxy componentcomp:webserverRelated to Web Server component
Milestone
 
22.03
@adrysn

Description

@adrysn
adrysn
opened on Nov 25, 2021

Manager, Storage-Proxy, etc. supports HTTPS mode by loading SSL certificate chain. However, they cannot load the certificates encrypted with a pass phrase (password file). For more security, we are better to support the loading of SSL certificate chain with a pass phrase.

For example in Manager, the cert chain is loaded in the following lines:
https://github.com/lablup/backend.ai-manager/blob/d180e9b441b0ea95b9d4ae980191988621928019/src/ai/backend/manager/server.py#L589-L592

The load_cert_chain actually supports the password parameter, so we can just append a password file if exists. manager.toml should also support the ssl-password field under the [manager] section.

Target services: Manager, Storage-Proxy, Webserver, etc.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    comp:managerRelated to Manager componentcomp:storage-proxyRelated to Storage proxy componentcomp:webserverRelated to Web Server component

    Type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions