0a21f0a1d5
Enable SSL support for gearman. We also created an new SSLZuulBaseTest class to provide a simple way to use SSL end to end where possible. A future patch will enable support in zookeeper. Change-Id: Ia8b89bab475d758cc6a021988f8d79ead8836a9d Signed-off-by: Paul Belanger <pabelanger@redhat.com> |
||
|---|---|---|
| .. | ||
| README.rst | ||
| client.csr | ||
| client.key | ||
| client.pem | ||
| root-ca.key | ||
| root-ca.pem | ||
| root-ca.srl | ||
| server.csr | ||
| server.key | ||
| server.pem | ||
README.rst
Steps used to create our certs
# Generate CA cert $ openssl req -new -newkey rsa:2048 -nodes -keyout root-ca.key -x509 -days 3650 -out root-ca.pem -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=gearman-ca"
# Generate server keys $ CLIENT='server' $ openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=nodepool-$CLIENT" $ openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial
# Generate client keys $ CLIENT='client' $ openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=gearman-$CLIENT" $ openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial
# Test with geard # You'll need 2 terminal windows geard --ssl-ca root-ca.pem --ssl-cert server.pem --ssl-key server.key -d openssl s_client -connect localhost:4730 -key client.key -cert client.pem -CAfile root-ca.pem