How to configure built-in SSL?
MCC allows us to easily distribute SSL CA certificates across all network nodes. These certificates are installed on each network node as trusted. After that any application can access web sites that use certificates signed by CA like any other trusted web site.
To accomplish this specify ssl-install=true
in the main configuration file
and supply a path to your SSL CA certificate using
ssl-certificates
.
After that restart MCC and your certificate(s) will be distributed across all network nodes. Distribution happens incrementally, i.e. if you do not update your certificate, then no updates are sent over the network periodically.
Certificate installation into a trusted store happens via ssl-manage-script
.
We provide default script that should work on most of Linux distributions as well as on MacOS.
Please note that recent MacOS interactively request your password via graphical UI to install the certificate in the trusted store.
If certificate installation does not work on your system,
please adjust trusted store paths in the default script under /usr/libexec/mcc-ssl
path.