Questions about TLS

(vladimir) #1

When should we use the flag
flag.Bool("tls.use_system_ca", false, "Include System CA into CA Certs.")
from the golang client?

(Rocky Sharma) #2

Maybe when you generate your own signed CA file, or maybe also one from letsencrypt, as they are system-signed files.

For a purchased one, like from Comodo or others, the CA files are available in the public directory, so it doesn't require pointing to them specially.
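
An added example, not code from the original post or from the Dgraph client itself, showing what the two settings of a use_system_ca style switch amount to in Go: the root pool either starts empty and trusts only the operator-supplied CA bundle (enough when every server certificate is issued by your own CA), or starts from the OS trust store and adds that bundle (needed when some servers present publicly trusted certificates, e.g. from Let's Encrypt or Comodo, and others present privately issued ones). The flag semantics, the function names and the throwaway CA built by makePrivateCA are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// buildCAPool assembles the roots a client verifies the server against. With
// useSystemCA set it starts from the OS trust store (what a "use_system_ca"
// style switch is assumed to do); otherwise only the supplied bundle is trusted.
func buildCAPool(caPEM []byte, useSystemCA bool) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	if useSystemCA {
		sys, err := x509.SystemCertPool()
		if err != nil {
			return nil, fmt.Errorf("loading system roots: %w", err)
		}
		pool = sys
	}
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("CA bundle contained no parsable certificates")
	}
	return pool, nil
}

// clientTLSConfig is what a client hands to its dialer: roots plus the expected
// server name, so hostname verification is enforced (assumed client wiring).
func clientTLSConfig(caPEM []byte, useSystemCA bool, serverName string) (*tls.Config, error) {
	pool, err := buildCAPool(caPEM, useSystemCA)
	if err != nil {
		return nil, err
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// verifyServerCert runs the chain and hostname check the handshake would.
func verifyServerCert(leafDER []byte, pool *x509.CertPool, serverName string) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: serverName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// makePrivateCA is a constructed fixture: a throwaway self-signed root and a
// server certificate it issued for serverName, standing in for an operator-run
// CA whose root is in no system trust store.
func makePrivateCA(serverName string) (caPEM, leafDER []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "example private root CA"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{serverName},
		Subject: pkix.Name{CommonName: serverName}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	if leafDER, err = x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}), leafDER, nil
}

func main() {
	const name = "dgraph.internal.example"
	caPEM, leafDER, err := makePrivateCA(name)
	if err != nil {
		panic(err)
	}
	custom, _ := buildCAPool(caPEM, false) // bundle only: enough for a private CA
	fmt.Println("custom bundle:", verifyServerCert(leafDER, custom, name))
}
```

The practical rule this shows: a server certificate from your own CA verifies with the bundle alone, so adding the system roots only widens what the client trusts; keep the switch off unless some of the servers the client talks to genuinely use publicly issued certificates.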

(vladimir) #3

When I'm using TLS for servers, are there TLS connections between replica servers too?

(Daniel Mai) #4

Currently TLS connections are only between clients and servers, not between the servers themselves.

(vladimir) #5

How can I use TLS with the Zero server? If I'm using


anyone who knows the IP can do it.

(Daniel Mai) #6

Keep Zero in a private network accessible to the Server(s). It doesn’t need to have a public IP.

Currently TLS configuration is between clients and servers. Communication of Server-to-Server and Server-to-Zero is not encrypted, so it’s best to have them communicate within a private network.

(vladimir) #7

For high availability, I'm using 3 servers for replication in different data centers. And I need a public IP for communication between servers.
Can I use

for TLS communication between servers?

(Daniel Mai) #8

Servers can be in different data centers and be within the same private network.

Server-to-server communication will not happen over TLS at this time.

(James) #9

Is a Docker Swarm overlay network considered secure for server-to-server?

(Daniel Mai) #10

Yes, setting up IPSec tunnels like Docker Swarm encrypted overlay networks would encrypt the network traffic between the Dgraph Servers.