VRT System/SSL

From Wikitech

To create SSL keys, follow the steps at https://wikitech.wikimedia.org/wiki/Cergen, with the following exceptions:

  • The template you create must not have a password defined, as this will result in an encrypted key that envoy proxy will not be able to use.
  • To resolve the above, do not include a password in your template. A sample template is shown below:
ticket-test.discovery.wmnet:
  authority: puppet_ca
  expiry: null
  alt_names: ["name.example.com",  ...]
  key:
    algorithm: ec
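
A pre-deployment check for the failure mode described above, as an added example (not part of the original page or of cergen): it reports whether a PEM private key file is password-encrypted. The function names and the sample PEM blocks are constructed for illustration; the key bodies are placeholders, not real keys.

```python
import re

# Matches any PEM private key block: "PRIVATE KEY", "EC PRIVATE KEY",
# "RSA PRIVATE KEY" or "ENCRYPTED PRIVATE KEY".
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)


def classify_private_keys(pem_text):
    """Return a list of (label, encrypted) for each private key block found."""
    results = []
    for match in _BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        # PKCS#8 encrypted keys carry their own PEM label.
        pkcs8_encrypted = label == "ENCRYPTED PRIVATE KEY"
        # Traditional OpenSSL keys flag encryption in a header line instead.
        legacy_encrypted = bool(
            re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE)
        )
        results.append((label, pkcs8_encrypted or legacy_encrypted))
    return results


def usable_without_password(pem_text):
    """True only if a private key is present and none of the keys is encrypted."""
    keys = classify_private_keys(pem_text)
    return bool(keys) and not any(encrypted for _, encrypted in keys)


# Constructed samples (placeholder bodies, not real key material).
PLAIN_EC = "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n"
LEGACY_ENC = (
    "-----BEGIN EC PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n"
    "\n"
    "AAAA\n"
    "-----END EC PRIVATE KEY-----\n"
)
PKCS8_ENC = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name in ("PLAIN_EC", "LEGACY_ENC", "PKCS8_ENC"):
        print(name, "usable:", usable_without_password(globals()[name]))
```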