[GitHub] JBevillC commented on a change in pull request #3040: CIAB: Make the socks container optional

Wed, 05 Dec 2018 15:21:03 -0800 

JBevillC commented on a change in pull request #3040: CIAB: Make the socks 
container optional
URL: https://github.com/apache/trafficcontrol/pull/3040#discussion_r239276169
 
 

 ##########
 File path: docs/source/admin/quick_howto/ciab.rst
 ##########
 @@ -99,6 +99,68 @@ variables.env
 .. [2] Consider ``make -j`` to build quickly, if your computer can handle 
multiple builds at once.
 .. [3] Please do NOT use the Perl endpoints directly. The CDN will only work 
properly if everything hits the Go API, which will proxy to the Perl endpoints 
as needed.
 
+X.509 SSL/TLS Certificates
+=========================
+All components in Apache Traffic Control utilize SSL/TLS secure communications 
by default.  For SSL/TLS connections to properly validate within the "CDN in a 
Box" container network a shared self-signed X.509 Certificate Authority (CA) is 
generated at the first initial startup.  Additional self-signed wildcard 
certificates are generated for each container service and all delivery services 
of the CDN.  All certificates and keys are stored in the ``ca`` host volume 
which is located at ``infrastruture/cdn-in-a-box/traffic_ops/ca`` [4]_. 
+
+.. _ciab-x509-certificate-list:
+.. table:: Self-Signed X.509 Certificate List
+
+   
+---------------------------+-----------------------------------+------------------------------+
+   | Filename                  | Description                       | X.509 
CN/SAN                 |                  
+   
+===========================+===================================+==============================+
+   | CIAB-CA.crt               | Shared CA Certificate             | N/A       
                   |
+   
+---------------------------+-----------------------------------+------------------------------+
+   | infra.ciab.test.crt       | Infrastruture Certificate         | 
\*.infra.ciab.test           |
+   
+---------------------------+-----------------------------------+------------------------------+
+   | demo1.mycdn.ciab.test.crt | Demo1 Delivery Service Certificate| 
\*.demo1.mycdn.ciab.test     |
+   
+---------------------------+-----------------------------------+------------------------------+
+   | demo2.mycdn.ciab.test.crt | Demo2 Delivery Service Certificate| 
\*.demo2.mycdn.ciab.test     |
+   
+---------------------------+-----------------------------------+------------------------------+
+   | demo3.mycdn.ciab.test.crt | Demo3 Delivery Service Certificate| 
\*.demo3.mycdn.ciab.test     |
+   
+---------------------------+-----------------------------------+------------------------------+
 
 Review comment:
   Sounds good.  I'll update my .vimrc to not replace tabs with spaces.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to