They're actually occasionally reaching out to grab remote resources
hosted over https based upon the incoming tuple. The remote resource
they are reaching out to requires client authentication as well, so the
certificate has to be signed by a specific CA. Currently I'm just using
a set of self-signed certs and a self-signed common root CA.
On 03/30/2015 02:12 PM, Derek Dagit wrote:
True, there are two other use cases that users commonly have:
YCAv2: Users go through a common proxy, since these certificates are also
host-based.
Data Highway: The DH servers query the storm registry server using yfor syntax
for the list of hosts (storm spouts) that have registered to receive data. SSL
certificates are generated for each virtual host in the registry service.
What external service is being connected to in this case?
--
Ben Gould
iNovex Information Systems, Inc
7240 Parkway Drive, Suite 140
Hanover, MD 21076
(410)292-1332
http://inovexcorp.com
