This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Caveats | |
1. The CN on the `Generate a Key and CSR for Riak Node` The CN section of the subject must match the FQDN of the server, or the certificate verification will fail. A wildcard (or SANs) may be used to avoid generating different certificates for different nodes (Particularly helpful when behind a load balancer). | |
1. If you are using your local machine to check/test add to /etc/hosts the node name | |
2. Note that a Mac machine uses an old version of OpenSSL (could be checked using `openssl version`) it will have problems with the generated certificates | |
1. Generated working certificates using Ubuntu with OpenSSL version OpenSSL 1.0.1f 6 Jan 2014. | |
2. In Mac, upgrading SSL and changing the symlink to point to the homebrew version works fine. Homebrew installed OpenSSL 1.0.2e 3 Dec 2015 works. | |
3. When testing with a browser, you WILL need to confirm the security exception. | |
4. Make sure that you disable the listener.http.internal and enable `listener.https.internal` on the Riak config. | |
5. Please e |