On Fri, Nov 30, 2018 at 12:56 PM Hank Beatty <[email protected]> wrote: > > +1 > > On 11/30/2018 02:43 PM, Rawlin Peters wrote: > > If you want your self-signed certs to be fully validated by the API, > > you will need to create an internal signing authority, sign your > > created certs using that internal signing authority, and install the > > internal signing authority certs on your TO servers. This is what I > > would recommend as it provides full verification of your "self-signed" > > certs because they will appear to be "real" certs and won't emit a > > warning from the API. That exercise is left up to the administrator. > > I know that this is outside Traffic Control but, do you know where I > could find some documentation on doing what you describe above? > > Thanks, > Hank
I briefly skimmed over these pages, but they seemed like they'd do the job: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ https://thomas-leister.de/en/how-to-import-ca-root-certificate/ For cert validation purposes only, your internal root CA cert would only have to be installed on your TO servers (whether it be your local TO on your laptop or Prod TO) since TO will be validating the cert against the root CAs that have been installed on its system. - Rawlin
