Open c00w opened 11 years ago
So bootstrapping from an inactive gatekeeper might be very difficult; most likely we're going to have to make an encrypted backup of the root CA on the orchestrator?
See https://www.openssl.org/docs/HOWTO/keys.txt for how to generate keys & certificates
We probably want DSA, not RSA.
See http://golang.org/pkg/net/http/#Server.ListenAndServeTLS for how to switch to https
Probably just do it on orchestrator first.
If you want to do it in the binary see
Actually generate a root CA and set up https everywhere for a deployment.
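
One way to do the task in this issue inside a Go binary, as an added example that is not the project's own code: a root CA that can only sign certificates, and a server certificate for the orchestrator signed by it. The function name `issue` and the names `example-root-ca` and `orchestrator.internal` are hypothetical, and it assumes ECDSA P-256 keys, a key type Go's `crypto/x509` can sign with.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a self-signed root CA when parent is nil, else a server cert for name signed by parent.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // example only; use random serials in production
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().AddDate(0, 3, 0),
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
		KeyUsage:              x509.KeyUsageCertSign, // root: signs certificates, nothing else
	}
	signer, signKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		tmpl.DNSNames = []string{name} // hostname clients will verify
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	root, rootKey, err := issue("example-root-ca", nil, nil)
	if err == nil {
		_, _, err = issue("orchestrator.internal", root, rootKey)
	}
	fmt.Println("issued root CA and server certificate, error:", err)
}
```

To serve HTTPS with the result, put the server certificate's `Raw` bytes and its key in a `tls.Certificate` on the server's `tls.Config`, and give clients an `x509.CertPool` containing only the root as `RootCAs`. The root key returned by the first call is the secret the issue proposes backing up in encrypted form.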