Documentation


Using HTTPS with Self-Signed Certificates

Using self-signed certificates is not recommended for production deployment as it is less secure, but it can be useful when testing a deployment. When using this mode, the data will be encrypted over the wire, but the certificate will not be validated.

If you do not specify a key and a certificate in the TLS_KEY and TLS_CERT properties, grb_rs and grb_rsm will generate them for you at startup. You can also specify your own self-signed certificate using TLS_KEY and TLS_CERT properties.

To use a self-signed certificate, you will need to activate insecure mode by setting the following property for grb_rs:

TLS_INSECURE=true
MANAGER_INSECURE=true

At the same time, similar properties must be set for grb_rsm:

TLS_INSECURE=true

When using grbcluster, you will also need to activate this mode by using the --tls-insecure flag with the login command.

> grbcluster login --manager=https://mymanager:61080 --username=sysadmin --tls-insecure
info  : Using client license file '/Users/jones/gurobi.lic'
Password for sysadmin:
info  : User gurobi connected to https://mymanager:61080, session will expire on...

> grbcluster nodes
ID       ADDRESS               STATUS TYPE    LICENSE PROCESSING #Q #R JL IDLE %MEM  %CPU
b7d037db https://server1:61000 ALIVE  COMPUTE VALID   ACCEPTING  0  0  10 <1s  66.58 7.97
eb07fe16 https://server2:61000 ALIVE  COMPUTE VALID   ACCEPTING  0  0  1  <1s  66.58 9.62

When using other clients such as gurobi_cl, grbtune, you can set the the GRB_TLS_INSECURE environment variable. In the programming language APIs, there is also a CSTLSINSECURE parameter.