1 Commits

Author SHA1 Message Date
Juan Antonio Osorio Robles
82ff1acf03 Internal TLS: Use specific CA file for haproxy
Instead of using the CA bundle, this sets HAProxy to use a specific file
for validating the certificates of the services it's proxying. This
helps in two ways:

* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
  are valid, instead of any certificate that the system trusts (which
  could include potentially compromised public certs).

Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a
2017-05-03 12:46:14 +03:00