ningyougang commented on issue #2427: Support client certificate on cli and nginx URL: https://github.com/apache/incubator-openwhisk/pull/2427#issuecomment-311849656 @csantanapr , for your suggestions * Why not have the cert and key be compiled as a resource into the wsk CLI binary? answer: because different user should have different cert/key, so compiled cert/key as a resource into wsk CLI binary for every user is not a good idea. User should execute cmd `wsk -i property set --cert XX --key XX...` only one time, the cert/key will store in ~/.wskprops. In our case is that our company has deployed the openwhisk in our commany inner. our company has generated the client-ca.pm, and also generated the cert.pem for every user using their own `emploeeId` which is included in subj's `CN`. Above actions are done by our securiy team, so as common emploee, we hava no need to learn openssl tool. emploee only can download their own client cert/key in comany's website. After download it to local desktop and download wsk client tool, we can execute `wsk property set --cert {certPath} --key {keyPath}...` to access our own openwhisk env. * For docs. answer: i will add the docs on cli.md * Testing answer: i will add some negative tests for support this. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
