v6 / super-duper-vault-train

GNU General Public License v3.0

Draft: add ssl support #22

Open simba23 opened 5 years ago

simba23 commented 5 years ago

pls test before finalizing!

v6 commented 5 years ago

@simba23 will review.

Thanks for the contributions, man!

It's a great addition because it shows how simple the TLS setup can be. Just generate the certificates, put them in a folder on each Vault, and add 2 lines to the Vault configuration.

I'll need to go back through and modify a lot of the curl stuff, though, to remove the --insecure flag and switch http to https.

v6 commented 5 years ago

This branch doesn't have the updates from @pranta. I'll need to rebase and merge to make sure this is done on top of the latest develop.

Please keep this in mind for future reference: if you ever need to pull in the latest changes and "replay" your work on top of them, run git remote add upstream https://github.com/v6/super-duper-vault-train.git; git pull --rebase upstream develop, because this means your work is the last in the git log.

v6 commented 5 years ago

Testing it now @simba23

v6 commented 5 years ago

Mostly resolved after an hour of changing.

Now I just need to add s%http:%--capath /vagrant/certs https:%g on all of the API scripts, or use the command export CURLOPT_CAPATH=/vagrant/certs when compiling NSS.

https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html

Or I can compile the certs into a bundle for use with the environment variable CURL_CA_BUNDLE, to avoid compiling an NSS.
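
As an added example (not part of this thread or the project's code), the CURL_CA_BUNDLE route mentioned in the comment above could be scripted as follows. The ca-bundle.pem file name, the function names and the folder layout are assumptions, and the example goes slightly further than the comment by also stripping --insecure / -k and listing curl lines that still skip verification.

```shell
#!/bin/sh
# Added example, not code from the PR. File names and paths are assumptions.

# Concatenate only the CERTIFICATE blocks of every *.pem / *.crt in a folder
# into one bundle. Private keys stored in the same folder are left out.
# Prints the number of certificates written; fails if there are none.
build_ca_bundle() {
  bcb_dir=$1; bcb_out=$2
  : > "$bcb_out"
  for bcb_f in "$bcb_dir"/*.pem "$bcb_dir"/*.crt; do
    [ -f "$bcb_f" ] || continue
    [ "$bcb_f" = "$bcb_out" ] && continue   # never re-read the bundle itself
    awk '/-----BEGIN CERTIFICATE-----/{on=1}
         on{print}
         /-----END CERTIFICATE-----/{on=0}' "$bcb_f" >> "$bcb_out"
  done
  bcb_n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bcb_out" || true)
  echo "$bcb_n"
  [ "$bcb_n" -gt 0 ]
}

# Print a copy of an API script with certificate checking restored on its
# curl lines: standalone --insecure / -k removed, http:// changed to https://.
# Combined short flags such as -sk are not handled.
harden_curl_script() {
  sed -E \
    -e '/curl/ s/[[:space:]]+--insecure([[:space:]]|$)/\1/g' \
    -e '/curl/ s/[[:space:]]+-k([[:space:]]|$)/\1/g' \
    -e '/curl/ s#http://#https://#g' "$1"
}

# List curl lines that still skip verification or use plain http.
find_insecure_curl() {
  grep -nE 'curl.*([[:space:]](--insecure|-k)([[:space:]]|$)|http://)' "$1"
}

# Usage: sh tls_curl.sh CERT_DIR API_SCRIPT > API_SCRIPT.new
if [ "$#" -eq 2 ]; then
  build_ca_bundle "$1" "$1/ca-bundle.pem" >/dev/null || exit 1
  echo "export CURL_CA_BUNDLE=$1/ca-bundle.pem" >&2
  harden_curl_script "$2"
fi
```

With CURL_CA_BUNDLE exported in the shell that runs the API scripts, the curl command-line tool verifies each Vault's certificate against the bundle without a per-call option.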

v6 commented 5 years ago

Squashed into this, along with some other changes I made: https://github.com/v6/super-duper-vault-train/pull/23