Skip to content

SSL - basic configuration

For basic configuration single command from CLI can be used:

$ onteoncli ssl init-configuration
initialized: true

This will enable SSL configuration with default settings:

  • One-Way SSL configuration for API, Edge Balancer, Inner Balancer, Internal
  • Size for all private keys set to 4096
  • Validity time for root CAs set to 730 days
  • Rotation time for root CAs set to 365 days
  • Validity time for intermediate CAs set to 180 days
  • Rotation time for intermediate CAs set to 90 days
  • Validity time for server and client CAs set to 60 days
  • Rotation time for server and client CAs set to 30 days
  • All certificates will used default names for CN record in certificates and nothing more will be set (important in case of hostname verification)
  • Communication to applications running on different node will be done with proxy (Inner Balancer)
  • Communication to applications running on same node will be done directly with or without SSL (depends on what protocol application exposes)

Command can be configured as described here