Secure Consul¶
For security reasons, SEAL Systems strongly recommends configuring the TLS encryption.
Configure the TLS Encryption¶
The connection to Consul is secured by the TLS certificate located in the /opt/seal/etc/tls
directory. That means that after you have replaced the self-signed certificate enclosed in delivery by your own certificate in Secure the SEAL Operator Services the connection to Consul has already been secured.
Specify the CA Certificate (If Available)¶
This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established.
-
Open the Consul configuration file:
/opt/seal/etc/consul.json
-
Insert the following lines in the first level, for example, above
acl_datacenter
:{ "ca_file": "/opt/seal/etc/tls/ca.pem", "verify_outgoing": true, "acl_datacenter": "dc1", ... }
Caution - JSON structure
Pay attention to keep the JSON structure in the Consul configuration file! For further information, refer to http://json.org/json-de.html.
-
Save the configuration file.
-
Restart the following service:
seal-consul-agent
Next Step¶
Continue with: Secure MongoDB