Project

General

Profile

Architecture #19492

Updated by Alexis Mousset over 3 years ago

We need: 

 * The root and parent policy server's certificate in .pem format, in the @inputs/certs@ inputs folder: 

   * @root.pem@ 
   * @policy-server.pem@ 

 * A hash of the policy server public key in @rudder.json@ on all nodes, named @POLICY_SERVER_KEY_HASH@. This format is the one used in "HPKP":https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning#extracting_the_base64_encoded_public_key_information :  

 <pre> 
 openssl x509 -in my-certificate.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 
 </pre> 

 This hash should also be displayed in the node details.

Back