+1
> On Nov 30, 2018, at 3:47 PM, Dave Neuman <[email protected]> wrote:
>
> Traffic Control only supports a very limited few (one, maybe two), so we
> shouldn't need to worry about that.
>
> On Fri, Nov 30, 2018 at 3:14 PM Gray, Jonathan <[email protected]>
> wrote:
>
>> The instructions on adding a custom root CA to a server trust store are
>> going to vary by OS, Distro, and Major Rev.
>>
>> Jonathan G
>>
>>
>> On 11/30/18, 2:55 PM, "Rawlin Peters" <[email protected]> wrote:
>>
>> On Fri, Nov 30, 2018 at 12:56 PM Hank Beatty <[email protected]>
>> wrote:
>>>
>>> +1
>>>
>>> On 11/30/2018 02:43 PM, Rawlin Peters wrote:
>>>> If you want your self-signed certs to be fully validated by the
>> API,
>>>> you will need to create an internal signing authority, sign your
>>>> created certs using that internal signing authority, and install
>> the
>>>> internal signing authority certs on your TO servers. This is what I
>>>> would recommend as it provides full verification of your
>> "self-signed"
>>>> certs because they will appear to be "real" certs and won't emit a
>>>> warning from the API. That exercise is left up to the
>> administrator.
>>>
>>> I know that this is outside Traffic Control but, do you know where I
>>> could find some documentation on doing what you describe above?
>>>
>>> Thanks,
>>> Hank
>>
>> I briefly skimmed over these pages, but they seemed like they'd do the
>> job:
>>
>> https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
>> https://thomas-leister.de/en/how-to-import-ca-root-certificate/
>>
>> For cert validation purposes only, your internal root CA cert would
>> only have to be installed on your TO servers (whether it be your local
>> TO on your laptop or Prod TO) since TO will be validating the cert
>> against the root CAs that have been installed on its system.
>>
>> - Rawlin
>>
>>
>>
