customized certificate not work about nebula HOT 7 OPEN

you should re-generate the certs, you could refer https://github.com/vesoft-inc/nebula-go/tree/master/nebula-docker-compose/secrets for generation and https://github.com/vesoft-inc/nebula-go/blob/master/nebula-docker-compose/docker-compose-ssl.yaml, https://github.com/vesoft-inc/nebula-go/blob/master/nebula-docker-compose/.env for usage in nebula

from nebula.

the password in nebula just encrypt like passout in openssl genrsa. e.g.

echo "123456" > passphrase.txt
openssl genrsa  -passout file:passphrase.txt -out privkey.pem 2048

# and then password_path should be passphrase.txt

from nebula.

@Ha0124 hi, thank you for your feedback. When you mentioned 'customized certificates,' are you referring to self-signed certificates? Or are you saying that these certificates have passwords?

If possible, could you provide any feasible solutions or implementations you have encountered or seen in other products?

from nebula.

When i try to use ssl encryption function following by https://docs.nebula-graph.io/3.6.0/7.data-security/4.ssl/ .
I try to use provided case from /tests, download it to local.
and then add
--password_path=/xx/xx/xx/test.ca.password
--key_path=/xx/xx/xx//nebula/test.ca.key
--cert_path=/xx/xx/xx/test.ca.pem
--enable_ssl=true
to nebula-graphd.conf nebula-metad.conf nebula-storaged.conf
but it doesn't work.

when i set --enable_ssl=false, the services can be linked.
Did the ssl encryption function has limits ?

from nebula.

After you configured the SSL information, did you restart the three services?

from nebula.

After the RSA key pair is generated using openssl genrsa command, we encrypted the RSA key pair using openssl rsa command with AES-256-CBC. The key file encrypted using AES-256-CBC is used to meet security requirements. However, nebula may not be able to parse such a key file.

from nebula.

if i doencrypt woth the cert ,will it be accepted in nebula?

from nebula.