Skip to content

Instantly share code, notes, and snippets.

@pogzie
pogzie / Quick and Dirty Riak SSL Signed Certificate.txt
Last active September 1, 2022 05:58
riak, self signed certificate, ssl, riak ssl
## Caveats
1. The CN on the `Generate a Key and CSR for Riak Node` The CN section of the subject must match the FQDN of the server, or the certificate verification will fail. A wildcard (or SANs) may be used to avoid generating different certificates for different nodes (Particularly helpful when behind a load balancer).
1. If you are using your local machine to check/test add to /etc/hosts the node name
2. Note that a Mac machine uses an old version of OpenSSL (could be checked using `openssl version`) it will have problems with the generated certificates
1. Generated working certificates using Ubuntu with OpenSSL version OpenSSL 1.0.1f 6 Jan 2014.
2. In Mac, upgrading SSL and changing the symlink to point to the homebrew version works fine. Homebrew installed OpenSSL 1.0.2e 3 Dec 2015 works.
3. When testing with a browser, you WILL need to confirm the security exception.
4. Make sure that you disable the listener.http.internal and enable `listener.https.internal` on the Riak config.
5. Please e