cf-charmers team mailing list archive
Message #00639
SSL, internal routing of CF components, and self-signed certs
I'm hoping that we can have a short Hangout session tomorrow (Friday)
with someone from Pivotal to answer some questions we have about how
SSL is supposed to be set up regarding the internal components,
particularly in regards to self-signed certificates.
The issue that we're running into when testing with self-signed
certificates is that the login service is attempting to contact the
UAA via its NATS-published URL, which goes through haproxy and thus
uses SSL, but the login service isn't white-listing the self-signed
cert that is being used and so is failing.
So, our main questions are:
1) Is it correct that UAA is registering an SSL URL (via haproxy) with
NATS, or should it be registering an internal URL directly to the
router?
2) Is there a way that we're missing to get the internal CF components
to white-list a self-signed cert?
Could we arrange a time (around 2pm PST would probably be best) to do
a quick G+ Hangout session to answer these questions and ensure we
understand how the routing and SSL are supposed to work for CF?
Thanks.