NCPA and SSL Cert
Posted: Tue Oct 28, 2014 1:38 pm
I have been getting some questions/concerns about the certificate used for the NCPA agent.
I looked through on GitHub and it looks like the agents creates it's own self-signed certificate.
We have our own certificates we like to use with stronger ciphers. Is it possible to use our own certificate?
Reason I ask is because this was brought to my attention on the 1.7 Coniguration page.
I also noticed this in the certificate.py code:
I could be wrong, probably am, but it looks like it looks for a cert, and if none found generate its own keypair?
So my question really is, does the agent support using other certs instead of it's own generated one. The Experimental tag is of concern.
I looked through on GitHub and it looks like the agents creates it's own self-signed certificate.
We have our own certificates we like to use with stronger ciphers. Is it possible to use our own certificate?
Reason I ask is because this was brought to my attention on the 1.7 Coniguration page.
Code: Select all
certificate
EXPERIMENTAL. Allows you to specify the file name for the SSL certificate you wish to use with the NCPA server. If left adhoc, a new self-signed certificate will be generated and used for the server.Code: Select all
def create_self_signed_cert(cert_dir, cert_file, key_file):
target_cert = os.path.join(cert_dir, cert_file)
target_key = os.path.join(cert_dir, key_file)
if not os.path.exists(target_cert) or not os.path.exists(target_key):
# create a key pair
k = OpenSSL.crypto.PKey()
k.generate_key(OpenSSL.crypto.TYPE_RSA, 1024)So my question really is, does the agent support using other certs instead of it's own generated one. The Experimental tag is of concern.