New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connect to rethinkdb over SSL with self-signed certificate #114
Comments
Yes, please use the JWK Store for storing the RootCA. Setting custom RootCAs is also quite dangerous and we should anticipate problems there. Using the JWK Store only trusted clients could update those CAs, so that's a first good step. |
And I want to keep the number of configuration and env options low :) |
If you need help with the JWK store let me know |
Aren't JWK stored in rethinkdb? |
Haha wow, I didn't think that one through. Spot on. |
Ok let's make it work then like the HTTP TLS certificates (CLI option and env var) |
I'm working on it |
that's actually better because compromise of a priviledged client would not allow for the rootca to be changed or read |
Over at compose they provide rethinkdb servers with self-signed certificates.
You can connect to them in this way: https://www.compose.io/articles/rethinkdb-and-ssl-think-secure/
basically by reading a certificate
and connecting with the TLS
I'm going to try to make it work. Are you interested in a Pull Request?
The text was updated successfully, but these errors were encountered: