Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

TLS Configuration

Enabling TLS

The Memory Appliance supports TLS for both gRPC and Redfish APIs.

Generate Certificates

# Generate development certificates
cargo run --bin gen_certs

# Or use the provided script
./scripts/generate-dev-certs.sh

Configure TLS in config.json

{
  "features": {
    "disable_tls": false
  },
  "tls": {
    "cert_path": "/etc/smartforge/certs/server.crt",
    "key_path": "/etc/smartforge/certs/server.key",
    "ca_cert_path": "/etc/smartforge/certs/ca.crt"
  }
}

Client Configuration

gRPC with TLS

#![allow(unused)]
fn main() {
use tonic::transport::{Channel, ClientTlsConfig};

let tls = ClientTlsConfig::new()
    .ca_certificate(Certificate::from_pem(ca_cert))
    .domain_name("localhost");

let channel = Channel::from_static("https://localhost:50051")
    .tls_config(tls)?
    .connect()
    .await?;
}

Redfish with TLS

curl --cacert certs/ca.crt https://localhost:8080/redfish/v1/

Certificate Management

See CERTS.md for complete certificate management documentation.