Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added custom CA support in dispatcher and server for secure TLS connections #2266

Merged
merged 5 commits into from
Mar 18, 2025
Merged

added custom CA support in dispatcher and server for secure TLS connections #2266

merged 5 commits into from
Mar 18, 2025
+334 −121

Conversation

mekilis
Copy link
Collaborator

@mekilis mekilis commented Mar 16, 2025
edited
Loading

Support for Custom CA Certificates in Dispatcher

Overview

This feature is particularly useful for customers who need to interact with internal services behind a VPN or private infrastructure using self-signed certificates.

Configuration

Users can specify a custom CA certificate in the Dispatcher configuration using either a file path or a direct certificate string.

Dispatcher Configuration Fields

  • CACertPath: Path to the CA certificate file (PEM format). This certificate will be added to the trusted root CA pool.
  • CACertString: PEM-encoded CA certificate string. If provided, this will be used instead of reading from a file.

Example JSON Configuration

"dispatcher": {
    "ca_cert_path": "/path/to/ca.crt",
    
    OR
    
    "ca_cert_string": "-----BEGIN CERTIFICATE-----\n..."
}

Example Environment Variable Configuration

export CONVOY_DISPATCHER_CACERT_PATH=/path/to/ca.crt

OR

export CONVOY_DISPATCHER_CACERT_STRING="-----BEGIN CERTIFICATE-----..."

If both CACertPath and CACertString are provided, CACertString takes precedence.

jirevwe
jirevwe reviewed Mar 17, 2025
View reviewed changes
jirevwe
jirevwe reviewed Mar 17, 2025
View reviewed changes
@jirevwe jirevwe merged commit 4eb0808 into main Mar 18, 2025
4 checks passed
@jirevwe jirevwe deleted the smart-custom-ca branch March 18, 2025 10:25
jirevwe pushed a commit that referenced this pull request Mar 18, 2025
@mekilis @jirevwe
added custom CA support in dispatcher and server for secure TLS conne…
912fe50 
…ctions (#2266)

* added custom CA support in dispatcher and server for secure TLS connections

* added license check

* refactored ca cert

* refactored server.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jirevwe jirevwe

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mekilis @jirevwe