Securing the polycubed daemon¶
Polycube uses a security model based on X509 certificates to secure polycube daemon to polycube cli communication.
In order to authenticate the server the
key parameters are needed.
# polycubed configuration file cert: path to server certificate key: path to server key
Polycubed supports thee different modes to perform client authentication.
Mode 3: Whitelist based¶
This mode allows to use already existing client certificates by providing the
cert-white-list parameter that is a folder containing hash named client certificates allowed to access polycubed.
See How to generate hash links to certificates.
# polycubed configuration file cert: /home/user/server.crt # server private key key: /home/user/server.key # folder with allowed certificates cert-white-list: /home/user/my_white_list/
To enable a secure connection to polycubed the user has configure the following parameters for polycubectl. See polycubectl configuration to get more details.
url: must start with
cert: client certificate
key: client private key
cacert: certification authority certificate that signed the server certificate