-
Notifications
You must be signed in to change notification settings - Fork 6
Server Authentication
Jason Heiss edited this page Feb 11, 2014
·
1 revision
Etch supports server authentication, where clients verify the authenticity of the server to which they are connecting, by virtue of SSL/HTTPS. To achieve server authentication:
- Configure the web server on your etch server(s) to support HTTPS
- Put the SSL cert for your SSL certificate authority (CA) in /etc/etch/ca.pem on your client via your etch client package (the Makefile for building client packages tries to do this by default, you just need to put a ca.pem file into the client directory before running make)
- Ensure that your etch clients are configured to use an https:// URL to your etch servers (the client uses 'https://etch' by default)
If /etc/etch/ca.pem exists and the etch client is talking to an https URL the client will abort if the etch server's SSL certificate doesn't match the certificate in ca.pem.