Using HTTPS with Self-Signed Certificates
Using self-signed certificates is not recommended for production deployment as it is less secure, but it can be useful when testing a deployment. When using this mode, the data will be encrypted over the wire, but the certificate will not be validated.
If you do not specify a key and a certificate in the TLS_KEY and TLS_CERT properties, grb_rs and grb_rsm will generate them for you at startup. You can also specify your own self-signed certificate using TLS_KEY and TLS_CERT properties.
To use a self-signed certificate, you will need to activate insecure mode by setting the following property for grb_rs:
TLS_INSECURE=true MANAGER_INSECURE=true
At the same time, similar properties must be set for grb_rsm:
TLS_INSECURE=true
When using grbcluster, you will also need to activate this mode by using the --tls-insecure flag with the login command.
> grbcluster login --manager=https://mymanager:61080 --username=sysadmin --tls-insecure info : Using client license file '/Users/jones/gurobi.lic' Password for sysadmin: info : User gurobi connected to https://mymanager:61080, session will expire on... > grbcluster nodes ID ADDRESS STATUS TYPE LICENSE PROCESSING #Q #R JL IDLE %MEM %CPU b7d037db https://server1:61000 ALIVE COMPUTE VALID ACCEPTING 0 0 10 <1s 66.58 7.97 eb07fe16 https://server2:61000 ALIVE COMPUTE VALID ACCEPTING 0 0 1 <1s 66.58 9.62
When using other clients such as gurobi_cl, grbtune, you can set the the GRB_TLS_INSECURE environment variable. In the programming language APIs, there is also a CSTLSINSECURE parameter.
