• Alain Takoudjou's avatar
    Use certificate authority in erp5 stack, remove custom from slapos-master · 4dacf9a8
    Alain Takoudjou authored
    This commit allow to use certificate authority stack in erp5 stack to
    request apache certificate (in instance-balancer).
    if this is enabled (parameter: "certificate-authority": {"enable": true, ...}
    instance erp5 will request one more partition containing the CA, then publish the ca-url to balancer
    Instead of generated self-signed certificate in balancer, certificate will be signed on CA.
    
    The modification also allow to use the certificate in apache.conf for authentication (SSLVerifyClient require)
    by default it True in erp5 stack, the parameter "balancer": {"ssl-client-verify": false} will disable it
    
    - It's also possible to set a custom backend_path for each zope instance.
    "zope-partition-dict": {"service": {"backend-path": "/%(site-id)s/portal_slap", ...}}
    - If "ssl-client-verify" is false,
    it will be possible to add "ssl-authentication": true in zope-dict which will enable authentication on a specific zope service.
    Both features was customized in slapos-master sr, and was removed to be reimplemented in erp5 stack.
    4dacf9a8
__init__.py 2.37 KB