Using HTTPS with Self-Signed Certificates

Using HTTPS with Self-Signed Certificates

Using self-signed certificates is not recommended for production deployment as it is less secure, but it can be useful when testing a deployment. If you do not specify a key and a certificate in the TLS_KEY and TLS_CERT properties, grb_rs will generate them for you at startup. You can also specify your own self-signed certificate using TLS_KEY and TLS_CERT properties.

To use a self-signed certificate, you'll need to activate insecure mode by setting the TLS_INSECURE property:

When using this mode, the data will be encrypted over the wire, and the default port will be 443, but the certificate will not be validated.

On the client side, you will also need to activate this mode either by using the --tls-insecure flag or by setting the GRB_TLS_INSECURE environment variable:

> grbcluster --tls-insecure --server=https://server1 --password=pass nodes
https://server1 ALIVE  COMPUTE VALID   0  0  2  46h59m 9.79  0.50
https://server2 ALIVE  COMPUTE VALID   0  0  2  46h46m 8.75  0.00