thedevopsmachine commented on issue #9167: URL: https://github.com/apache/trafficserver/issues/9167#issuecomment-1297883354
The primary use case is to be able to fetch a certificate from another location (e.g. Redis), parse it, maybe store it in a cache, then tell ATS to use that certificate when establishing the TLS session. Maybe some functions like: - ts.ssl.parse_server_certificate(certificatePemString, privateKeyPemString) - ts.ssl.set_server_certificate(x509) where the `parse_server_certificate` method returns the `x509` object required by the `set_server_certificate` method. Regarding the client certificate for mTLS, those methods might be: - ts.ssl.set_verify_client(certificationLevel, caCertificates) where the parameters correspond to the settings in the [sni.yaml config file](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
