Task
Resolution: Done
Medium
Goal: Make sure nobody can sniff sensitive data sent between CertService's client and CertService.

CoS:
- Certificates for CertService's client and CertService are created automatically:
  - OOM enhanced to create, on the fly, certificates for CertService's client and CertService from the same self-signed CA (one layer is enough)
  - Created certificates and the root CA should be stored in a place where they can be easily replaced when expired (e.g. K8s secrets)
- CertService's client reconfigured to:
  - mount the certificate and use it in REST API calls (scheme: https://)
  - mount the CA for server validation
- CertService reconfigured to:
  - mount the certificate
  - expose only an HTTPS endpoint and use the generated certificate and CA
  - require mutual TLS to authenticate client calls
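
An added example, not OOM's or CertService's own code: it uses the `openssl` CLI to build the one-layer PKI the criteria describe and runs the chain-and-purpose check that each side of the mutual TLS handshake performs against the mounted CA. Subjects, SANs, file names, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example. Subjects, SANs, file names, key sizes and lifetimes are assumptions.
set -eu

# Create the single self-signed root CA (one layer, no intermediates).
make_ca() {      # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-certservice-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a leaf certificate signed directly by that CA.
issue_cert() {   # $1 = CA dir, $2 = name, $3 = serverAuth|clientAuth, $4 = SAN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\nsubjectAltName=%s\n' \
    "$3" "$4" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# The check a TLS peer performs: chain to the mounted CA, with the right purpose.
peer_accepts() { # $1 = dir holding trusted ca.crt, $2 = cert, $3 = sslserver|sslclient
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$2" >/dev/null 2>&1
}

# Demo run in a scratch directory (constructed names).
d=$(mktemp -d)
make_ca "$d"
issue_cert "$d" server serverAuth DNS:certservice.example.local
issue_cert "$d" client clientAuth DNS:certservice-client.example.local
peer_accepts "$d" "$d/server.crt" sslserver && echo "client accepts server cert"
peer_accepts "$d" "$d/client.crt" sslclient && echo "server accepts client cert"
```

The files to store for replacement on expiry are `ca.crt` plus each side's `.crt` and `.key`; `ca.key` is needed only to issue new certificates and does not have to be mounted into either workload.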