mirror of https://github.com/mainflux/mainflux.git synced 2025-04-24 13:48:49 +08:00
b1ackd0t 687505c833
NOISSUE - Remove Development Mode on Certs Creation (#1908)
* Fix certificate creation in development mode

This commit removes certificate creation in development mode. Previously, the `MF_CERTS_VAULT_HOST` environment variable was not being properly checked, resulting in incorrect behavior when issuing certificates. This commit ensures that the correct mode is set based on the value of `MF_CERTS_VAULT_HOST`.

Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>

* Fix certificate revocation in README.md

The README.md file has been updated to clarify the process of revoking certificates. The previous instructions were incorrect, and the correct method is now provided. The certificates can be revoked using the `certs` service by providing the `thing_id` of the thing for which the certificate was issued.

```
curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
```

Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>

---------

Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
2023-10-18 11:48:47 +02:00

Certs Service

Issues certificates for things. The certs service can create certificates to be used when Mainflux is deployed to support mTLS. It creates certificates in PKI mode, where certificates are issued by a PKI: when you deploy Vault for PKI certificate management, the certs service proxies requests to Vault after first checking access rights, and saves information about each successfully created certificate.

PKI mode

When MF_CERTS_VAULT_HOST is set, it is presumed that Vault is installed and the certs service will issue certificates using the Vault API. First you'll need to set up Vault. To set up Vault, follow the steps in Build Your Own Certificate Authority (CA).

To set up the certs service with Vault, the following environment variables must be set:

```
MF_CERTS_VAULT_HOST=vault-domain.com
MF_CERTS_VAULT_PKI_PATH=<vault_pki_path>
MF_CERTS_VAULT_ROLE=<vault_role>
MF_CERTS_VAULT_TOKEN=<vault_access_token>
```
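
A preflight check for the four variables listed above, as an added example that is not part of the Mainflux repository. The helper name `check_certs_vault_env` is hypothetical, and the demo values are constructed.

```shell
#!/bin/sh
# Added example: preflight check for the certs service Vault settings.
# check_certs_vault_env is a hypothetical helper, not Mainflux code.

CERTS_VAULT_VARS="MF_CERTS_VAULT_HOST MF_CERTS_VAULT_PKI_PATH MF_CERTS_VAULT_ROLE MF_CERTS_VAULT_TOKEN"

# Prints one line per problem and returns the number of problems (0 = ready).
# Only variable names are printed, never values, so the Vault token
# does not end up in terminal scrollback or CI logs.
check_certs_vault_env() {
    problems=0
    for name in $CERTS_VAULT_VARS; do
        # Indirect lookup; $name comes only from the fixed list above.
        eval "value=\${$name-}"
        case "$value" in
            "")
                echo "$name is not set"
                problems=$((problems + 1)) ;;
            "<"*">")
                echo "$name still holds the README placeholder"
                problems=$((problems + 1)) ;;
            *[[:space:]]*)
                echo "$name contains whitespace (copy/paste error?)"
                problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed demo values (not real credentials), set inside a subshell
# so they do not leak into the calling environment.
(
    MF_CERTS_VAULT_HOST=vault-domain.com
    MF_CERTS_VAULT_PKI_PATH='<vault_pki_path>'
    MF_CERTS_VAULT_ROLE=example-role
    MF_CERTS_VAULT_TOKEN=constructed-token-value
    check_certs_vault_env || echo "fix the settings above before starting certs"
)
```
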

For lab purposes, you can use the docker-compose setup and the script for setting up PKI in https://github.com/mteodor/vault.

Certificates can also be revoked using the certs service. To revoke a certificate, provide the thing_id of the thing for which the certificate was issued.

```
curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
```