Certificates

For information on creating certificates, please consult the certificates documentation.

With the certificate at hand, the gateway accepts the following options to start as an HTTPS server:

--tls-certificate= the certificate to use for secure connections [$TLS_CERTIFICATE]
--tls-key= the private key to use for secure connections [$TLS_PRIVATE_KEY]
--web-server-tls-certificate= the certificate to use for web server secure connections
--web-server-tls-key= the private key to use for web server secure connections
  • --tls-certificate takes a path to a certificate file (public.crt in this document) and --tls-key takes a path to a private key file (private.key in this document; note that it must be created without a password). The gateway requires both the private key and the certificate file. These parameters can also be supplied through the environment variables TLS_CERTIFICATE and TLS_PRIVATE_KEY instead of command-line options.

  • --web-server-tls-certificate and --web-server-tls-key are for hosting web sites. Both are required only if you want to host web sites with https.

[email protected]:~/gateway/linux-amd64# ./gateway --metadata-server=metadata.staging.storewise.tech:443 --username=storewise --password=helloworld --access-key-id=585b7de01f04b22ce2c92c1f53adca268ab0c060 --secret-access-key=Io7LS3kov2f0hRJibEkQ9OeNNNgvPuWCNxW4oHwd --verbose --tls-certificate=public.crt --tls-key=private.key
2020-07-22T17:58:18.458Z DEBUG gateway/main.go:110 signing in to StoreWise
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:121 initializing connections to metadata server
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:129 initializing a storage service
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:139 initializing a database service
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:150 initializing an account manager
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:153 initializing a transaction recorder
2020-07-22T17:58:18.769Z DEBUG gateway/main.go:156 initializing the API server
2020-07-22T17:58:18.770Z DEBUG grpc/connection.go:109 waiting until the current token expires {"duration": "59m59.999300351s"}
2020-07-22T17:58:18.770Z INFO gateway/main.go:199 web server is listening {"address": ":9300"}
2020-07-22T17:58:18.770Z INFO gateway/main.go:175 start listening with TLS {"address": ":9200", "version": "v0.4.9", "date": "2020-07-07 13:12:46"}

For self-signed certificates, which are not signed by an authorized issuer, --no-verify-ssl should be used when communicating with the aws-cli. This bypasses SSL verification, so the client no longer checks the gateway's certificate. For further information, see the referenced documentation. This step is not necessary for certificates signed by an authorized issuer.
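
A pre-flight check for the certificate and key described above, as an added example that is not StoreWise code: it rejects a password-protected or mismatched key before the gateway is started, and reports whether the certificate is self-signed, which is the case where aws-cli needs --no-verify-ssl. CheckPair, NewSelfSigned and the host name gateway.example.test are hypothetical names, and the sample pair is generated in memory.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckPair vets PEM data meant for --tls-certificate / --tls-key; selfSigned tells you clients will not trust it by default.
func CheckPair(certPEM, keyPEM []byte) (selfSigned bool, err error) {
	blk, _ := pem.Decode(keyPEM)
	if blk == nil {
		return false, fmt.Errorf("key: no PEM block found")
	}
	// Password-protected keys carry one of these two markers (PKCS#8 or legacy OpenSSL).
	if blk.Type == "ENCRYPTED PRIVATE KEY" || blk.Headers["Proc-Type"] == "4,ENCRYPTED" {
		return false, fmt.Errorf("key: password-protected, the gateway needs an unencrypted key")
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // rejects a key that does not match the certificate
	if err != nil {
		return false, fmt.Errorf("pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return false, err
	}
	sigOK := leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil
	return sigOK && bytes.Equal(leaf.RawIssuer, leaf.RawSubject), nil
}

// NewSelfSigned builds a throwaway Ed25519 pair; it is constructed sample input only.
func NewSelfSigned(host string) (certPEM, keyPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() { fmt.Println(CheckPair(NewSelfSigned("gateway.example.test"))) }
```

To check real files, read public.crt and private.key with os.ReadFile and pass their contents to CheckPair.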