Use certificate authority in erp5 stack, remove custom from slapos-master
This commit allow to use certificate authority stack in erp5 stack to request apache certificate (in instance-balancer). if this is enabled (parameter: "certificate-authority": {"enable": true, ...} instance erp5 will request one more partition containing the CA, then publish the ca-url to balancer Instead of generated self-signed certificate in balancer, certificate will be signed on CA. The modification also allow to use the certificate in apache.conf for authentication (SSLVerifyClient require) by default it True in erp5 stack, the parameter "balancer": {"ssl-client-verify": false} will disable it - It's also possible to set a custom backend_path for each zope instance. "zope-partition-dict": {"service": {"backend-path": "/%(site-id)s/portal_slap", ...}} - If "ssl-client-verify" is false, it will be possible to add "ssl-authentication": true in zope-dict which will enable authentication on a specific zope service. Both features was customized in slapos-master sr, and was removed to be reimplemented in erp5 stack.
Showing
Please register or sign in to comment