in order to setup SSL, a proxy container is deployed in front of our ask stack, it does reverse proxying and allows to connect to pillar on https:///pillar_api for example instead of http, I created a commit to install repo with required default files for SSL and ask https://github.com/coralproject/install/tree/master/proxyask , this config avoids CORS issues and accommodate proper proxy configuration for each of the apps ( pillar/cay/elkhorn/mongo)
a client must supply a working certificate from a well known root CA provider ( GoDaddy = good, RapidSSL=bad)
our SSL provider is RapidSSL, which is not a well known root CA provider, so I had to paste intermediary cert into our real certificate. Cay accepted that certificate fine, Elkhorn did not and gave error
TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
I had to point elkhorn to non ssl version of pillar to get around the error mentioned above
there is an issue with release version of Cay, master version works fine ( need to update release branch of Cay please )
I am unable to set trust to off by using environment switch - "TRUST=false,"