Hi Zhongqiang,
Yes, you are right. TLS implementation relies on digital certificates which
are usually obtained from a trusted CA.
In my experience, many organizations establish their own internal CAs to
issue certificates for their internal networks, thus acting as trusted
issuers for various services within the organization.

In scenarios where an internal CA infrastructure is not available and we
want to avoid a public trusted CA because they are paid, services may
resort to using self-signed certificates. To establish trust in these
self-signed certificates, clients must be explicitly configured to
recognize them — either by installing them into the client's native trust
store or by using a custom trust store that includes these certificates.
These certificates are securely distributed to all relevant client-hosting
machines using an out-of-band method. Once the trust store is properly
configured, the client-side TLS settings can be adjusted to reference this
trust store, thereby ensuring secure communication.

Chandni

On Mon, Sep 18, 2023 at 5:18 AM Zhongqiang Chen <zhongqiangc...@apache.org>
wrote:

>
> Hi Chandni,
>
> I have a question about how to implement TLS handshake and how to obtain
> the certificate?
> Based on my understanding, TLS implementation generally relies on digital
> certificates which are obtained from a trusted certificate authority (CA).
> It requires some money to obtain a CA certificate.
> Thanks,
> Zhongqiang Chen
>
> At 2023-09-15 06:34:02, "Chandni Singh" <singh.chan...@gmail.com> wrote:
> >Hello Celeborn community,
> >
> >We have a proposal to add authentication to Celeborn:
> >
> >https://docs.google.com/document/d/1D1U2COYhS3ob7l0t2WghRhBk_Fci9RGx-2FBXA3nvXk/edit#heading=h.m97qw1fpl5kv
> >
> >Would really appreciate feedback from the community on this proposal.
> >
> >Please let me know if there is a particular format that the Celeborn
> >community follows for proposals and I will convert it into that format.
> >
> >Thank you
> >Chandni
>
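
Added example, not part of the original thread: the custom trust store approach described in the reply above, sketched with the openssl CLI. Before a self-signed certificate is appended to the store, its SHA-256 fingerprint is compared with the value received over the out-of-band channel, which is an added check the thread does not mention. Host names, file names and function names are constructed, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Host and file names are constructed.

# Create a throwaway self-signed certificate for CN $1 as $2.key / $2.crt.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Print the SHA-256 fingerprint of certificate file $1.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Append certificate $1 to the PEM trust store $2, but only if its
# fingerprint equals $3, the value received over the out-of-band channel.
trust_if_expected() {
    [ "$(fingerprint "$1")" = "$3" ] || return 1
    cat "$1" >> "$2"
}

# Succeed only if certificate $1 validates against trust store $2.
# -no-CApath keeps the system CA directory out of the decision.
is_trusted() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    store="$dir/truststore.pem"
    make_self_signed service.example.internal "$dir/service" || return 1
    make_self_signed other.example.internal "$dir/other" || return 1
    expected=$(fingerprint "$dir/service.crt")   # what the operator published
    : > "$store"
    trust_if_expected "$dir/service.crt" "$store" "$expected" \
        && echo "service cert added to trust store"
    trust_if_expected "$dir/other.crt" "$store" "$expected" \
        || echo "other cert refused: fingerprint mismatch"
    is_trusted "$dir/service.crt" "$store" && echo "service cert: trusted"
    is_trusted "$dir/other.crt" "$store" || echo "other cert: not trusted"
    rm -rf "$dir"
}

demo
```

A JVM client would hold the same certificates in a JKS or PKCS12 trust store instead of a PEM bundle; the fingerprint comparison before import applies either way.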
