
Could somebody please explain why, when configuring a secure etcd cluster, we need to provide the client private key? Cf. `--key-file` here: https://coreos.com/etcd/docs/latest/op-guide/security.html

I've never seen this in HTTPS 2-way SSL; for me, this key should never go out of the server.

Thanks for your help.

khaldoune
  • Questions on professional server- or networking-related infrastructure administration are off-topic for Stack Overflow unless they directly involve programming or programming tools. You may be able to get help on Server Fault. – Marcus Müller Oct 22 '17 at 21:30
  • You don't, and there is nothing in your link that states otherwise. What is being set there is the node's own private key. Read it again. – user207421 Oct 22 '17 at 22:18
  • @EJP Ok, I'll test and come back to you. Thanks for your answer. – khaldoune Oct 23 '17 at 09:58

1 Answer


Further reading has clarified things for me, especially example 3: https://coreos.com/etcd/docs/latest/op-guide/security.html

So `--key-file` and `--peer-key-file` are both the SERVER keys used by clients when ETCD acts as a server; they may be different if we have two different keypairs for peers and clients.

It's clear now, the client's private key remains private :) So everything is OK.

khaldoune
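The key placement discussed in this thread, written out as an etcd configuration file. This is an added example, not part of the original posts or of the etcd documentation; the member name, addresses and file paths are placeholders.

```yaml
# etcd member configuration, loaded with: etcd --config-file <this file>
# All paths, names and addresses below are placeholders.
# Every key file named here is read by the etcd process itself and
# belongs only on this member's host.
name: infra0
data-dir: /var/lib/etcd

listen-client-urls: https://10.0.1.10:2379
advertise-client-urls: https://10.0.1.10:2379
listen-peer-urls: https://10.0.1.10:2380
initial-advertise-peer-urls: https://10.0.1.10:2380

# Listener that serves clients (etcdctl, API consumers).
# Equivalent flags: --cert-file, --key-file, --client-cert-auth,
# --trusted-ca-file
client-transport-security:
  cert-file: /etc/etcd/pki/server.crt     # certificate presented to clients
  key-file: /etc/etcd/pki/server.key      # this member's own private key
  client-cert-auth: true                  # require a certificate from clients
  trusted-ca-file: /etc/etcd/pki/ca.crt   # CA used to verify client certificates

# Listener that serves the other cluster members.
# Equivalent flags: --peer-cert-file, --peer-key-file,
# --peer-client-cert-auth, --peer-trusted-ca-file
peer-transport-security:
  cert-file: /etc/etcd/pki/peer.crt
  key-file: /etc/etcd/pki/peer.key        # may be a separate keypair from server.key
  client-cert-auth: true
  trusted-ca-file: /etc/etcd/pki/ca.crt

# Client side, run on the client's own host (not part of this file),
# using the etcdctl v3 API flags:
#   etcdctl --endpoints=https://10.0.1.10:2379 \
#     --cacert=/etc/etcd-client/ca.crt \
#     --cert=/etc/etcd-client/client.crt \
#     --key=/etc/etcd-client/client.key \
#     get foo
# client.key is read locally by etcdctl to sign the TLS handshake; the
# member only sees client.crt and checks it against trusted-ca-file.
```

Restricting each `key-file` to the account that runs etcd (for example mode 0600) keeps the member keys readable only by the process that needs them.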