Skip to content

Commit

Permalink
Make explicit the requirement for at least one Service-endorsed RPC i…
Browse files Browse the repository at this point in the history 
…nterface
  • Loading branch information
@achamayou
achamayou committed Sep 8, 2023
1 parent 7ae7f7a commit b2600da
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/operations/certificates.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,8 @@ Unendorsed, self-signed (CA) service certificates are a complication for clients

3. Each interface defined in the ``cchost`` configuration file can be given the name of an ACME configuration to use. The settings of each ACME configuration are defined in ``network.acme`` :doc:`configuration entry </operations/configuration>`. Note that this information is required by *all* nodes as they might have to renew the certificate(s) later. Further, an additional interface for the challenge server is required.

.. note:: ACME-endorsed interfaces *cannot* be used by new nodes to join a service, since they are not endorsed by the service certificate. Therefore, at least one interface must be configured to use "Service" as an endorsement authority.

The various options are as follows:

.. code-block:: python
Expand Down

0 comments on commit b2600da

Please sign in to comment.