[gateway] Improve support for SSL / TS and client authentication #1492

Closed
bcollard opened this Issue Sep 11, 2018 · 1 comment

bcollard commented Sep 11, 2018

Today, when you click on "enable trust all" in an endpoint configuration, "enable client ssl" is automatically checked. This is a bit confusing if you suppose that "client ssl" refers to client certificate authentication.

So, you could re-design this UI part by:
A. removing the "enable client ssl" checkbox -> automatically set when you use an HTTPS scheme (#663)
B. changing the wording from "enable trust all" to "the gateway must trust any origin certificate"
C. adding an input file with label "custom trust store (CRT or JKS or P12). Warning! adding a custom trust store will overwrite CA certificates trusted by your JVM for this endpoint."
D. by default supporting CRT files rather than PEM files (moreover it's a bit confusing because PEM can handle private keys)
E. steps B. and C. are exclusive --> radio buttons?

F. saying all of this has nothing to do with client certificate handling
G. implement, later, client certificate authentication, with PEM file input OR {CRT file input + .key file input + passphrase on the key} OR {some other secrets file combination}. Keep in mind that CRT files can be DER encoded.
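
Points D and G above turn on two file-format facts: a PEM file can carry a private key next to certificates, and a CRT file can be DER encoded. The sketch below is an added example, not code from this issue or from Gravitee; it classifies an uploaded file on those two points before it is accepted as a trust store. All function names and sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# Matches one PEM block and captures its label, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def is_single_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length field spans the whole file."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short form: length held in one byte
        header, length = 2, data[1]
    else:                                   # long form: next n bytes hold the length
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def classify_upload(data: bytes) -> dict:
    """Report encoding, certificate count and whether private key material is present."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    if labels:
        return {"encoding": "PEM",
                "certificates": labels.count("CERTIFICATE"),
                "has_private_key": any(lab.endswith("PRIVATE KEY") for lab in labels)}
    if is_single_der_sequence(data):
        # Outer TLV check only: DER has no label, so a real loader must still parse it as X.509.
        return {"encoding": "DER", "certificates": 1, "has_private_key": False}
    return {"encoding": "unknown", "certificates": 0, "has_private_key": False}


def acceptable_trust_store(data: bytes) -> bool:
    """A trust store upload needs certificates and must never carry a private key."""
    info = classify_upload(data)
    return info["certificates"] > 0 and not info["has_private_key"]


def _pem(label: str, body: bytes) -> bytes:
    """Build a constructed PEM block (placeholder body, not a real certificate or key)."""
    return b"-----BEGIN %b-----\n%b\n-----END %b-----\n" % (
        label.encode(), base64.b64encode(body), label.encode())


# Constructed samples: DER-shaped placeholder bytes, not real certificates or keys.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_CA_PEM = _pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_MIXED_PEM = SAMPLE_CA_PEM + _pem("PRIVATE KEY", SAMPLE_DER)
```

The same classification would route a PEM file that does contain a private key to the client certificate input described in G instead of rejecting it outright.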

@brasseld brasseld added this to the 1.20.0 milestone Sep 12, 2018

@brasseld brasseld self-assigned this Sep 12, 2018

brasseld added a commit to gravitee-io/gravitee-definition that referenced this issue Oct 10, 2018

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Oct 10, 2018

brasseld added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 10, 2018

@brasseld brasseld changed the title from [management-ui] enabling ssl on vertx toward origins supporting TLS to [gateway] Improve support for SSL / TS and client authentication Oct 10, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-gateway that referenced this issue Oct 15, 2018

brasseld added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 15, 2018

brasseld added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 15, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-definition that referenced this issue Oct 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-management-webui that referenced this issue Oct 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-gateway that referenced this issue Oct 16, 2018

bcollard commented Oct 19, 2018

Nice job! congrats & thank you :)
