Open DMickens opened 2 years ago
blackeyepanda
commented
2 years ago ideally we should dynamically create these certifiactes/CA instead of storing them in the repo unless there are some specially needs.
sql-go client has some examples on how to create all these certificates you might be interested in. https://github.com/vertica/vertica-sql-go/blob/master/resources/tests/genCerts.sh
DMickens
commented
2 years ago ideally we should dynamically create these certifiactes/CA instead of storing them in the repo unless there are some specially needs.
sql-go client has some examples on how to create all these certificates you might be interested in. https://github.com/vertica/vertica-sql-go/blob/master/resources/tests/genCerts.sh
I like that. I would prefer that approach. I'll look into modifying that genCerts script for vertica-nodejs to cover this issue. I'm not sure if what is being generated right now would support mTLS
We have a tls folder that contains certificates and keys needed for testing tls in the driver. Some were added since forking from node-postgres and some are still old. We need to be able to test mutual TLS in the driver, but right now we don't have the correct certificates for it. We ought to have everything needed for someone to get configured without having to make any new certificates or keys on their own, so this would be CA keys and certificates for signing client and server certificates (maybe this could just be one CA that signs both). We need client key/certificate and server key/certificate. They should all be in PEM format. When creating we need to keep in mind the subjects needed for certificate verification in both server and mutual mode.