Certificate Revocation List

scylladb / scylla-doc-issues

Repository for reporting issues about Scylla documentation (Deprecated)

2 stars 6 forks source link

Certificate Revocation List #851

Closed soyacz closed 2 years ago

soyacz commented 2 years ago

There was a change in Scylla that added functionality of Certificate Revocation List (CRL): https://github.com/scylladb/scylla/commit/a8bb4dcd28264837579281c462aff7d1c4cd6e82

annastuchlik commented 2 years ago

@elcallio I have two questions:

The option is "certficate_revocation_list: ". What is the example value?
Does it work for both node-to-node and client-to-node, or just one of them?

fgelcer commented 2 years ago

ping @elcallio

elcallio commented 2 years ago

Sorry, I email-replied to this previously. Here is what I wrote (for posterity):

See https://github.com/scylladb/scylla/commit/a8bb4dcd28264837579281c462aff7d1c4cd6e82 (config help).

There is no example value. It is a file, PEM-encoded CRL (certificate revocation list - https://en.wikipedia.org/wiki/Certificate_revocation_list). It is supported for both client and server encryption options (i.e. both CQL and node RPC).