TLS doc instructions with curl circumvent security by distributing private key

[darkn3rd]

Documentation

The documentation under Using Curl with Client authentication instructs users to use the node.key for REQUIREANY or REQUIREANDVERIFY. This has two problems:

• violates security as what should be a private key is not distributed and shared. This should never be demonstrated or recommended.
• doesn't show how to support to use client key to authenticate client.

The purpose of using REQUIREANDVERIFY is to make sure the client is authenticated to interact with Dgraph, as opposed to any client using https with dgraph service.

[minhaj-shakeel]

Github issues have been deprecated.
This issue has been moved to discuss. You can follow the conversation there and also subscribe to updates by changing your notification preferences.