Secure Consul¶

For security reasons, SEAL Systems strongly recommends configuring the TLS encryption.

Configure the TLS Encryption¶

The connection to Consul is secured by the TLS certificate located in the C:\ProgramData\SEAL Systems\config\tls directory. That means that after you have replaced the self-signed certificate enclosed in delivery by your own certificate in Secure the SEAL Operator Services the connection to Consul has already been secured.

Specify the CA Certificate (If Available)¶

This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established.

Open the Consul configuration file:

C:\ProgramData\SEAL Systems\config\consul.json

Insert the following lines in the first level, for example, above acl_datacenter:
```
{
  "ca_file": "C:\\ProgramData\\SEAL Systems\\config\\tls\\ca.pem",
  "verify_outgoing": true,
  "acl_datacenter": "dc1",
...
}
```
Caution - JSON structure

Pay attention to keep the JSON structure in the Consul configuration file! For further information, refer to http://json.org/json-de.html.
Save the configuration file.
Restart the following service:
- seal-consul-agent

Next Step¶

Continue with: Secure MongoDB