Internal TLS: Use specific CA file for haproxy - apex-tripleo-heat-templates

diff options

author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-04-26 12:36:10 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-05-03 12:46:14 +0300
commit	82ff1acf035d277dd2e7b9d7fc6e060ab2415144 (patch)
tree	d8a799b2d00e610b14649e0f074838428684dba0 /puppet/upgrade_config.yaml
parent	e5b3b671eb82abeb8f4bae9bbf7df1d923439656 (diff)

Internal TLS: Use specific CA file for haproxy

Instead of using the CA bundle, this sets HAProxy to use a specific file for validating the certificates of the services it's proxying. This helps in two ways: * Improves performance since validation will check only one certificate. * Improves security since we're only the certificates signed by one CA are valid, instead of any certificate that the system trusts (which could include potentially compromised public certs). Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a

Diffstat (limited to 'puppet/upgrade_config.yaml')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: