From c452b19267b772fcacfd3fe5d57ef6b1ae50dea6 Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Mon, 7 Apr 2014 14:46:13 -0700 Subject: [PATCH] website: Document new TLS flags --- .../source/docs/agent/options.html.markdown | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/website/source/docs/agent/options.html.markdown b/website/source/docs/agent/options.html.markdown index 4cebb0cb0..3081a86a7 100644 --- a/website/source/docs/agent/options.html.markdown +++ b/website/source/docs/agent/options.html.markdown 
@@ -205,3 +205,27 @@ definitions support being updated during a reload. * `statsite_addr` - Equivalent to the `-statsite` command-line flag. +* `verify_incoming` - If set to True, Consul requires that all incoming + connections make use of TLS, and that the client provides a certificate signed + by the Certificate Authority from the `ca_file`. By default, this is false, and + Consul will not enforce the use of TLS or verify a client's authenticity. This + only applies to Consul servers, since a client never has an incoming connection. + +* `verify_outgoing` - If set to True, Consul requires that all outgoing connections + make use of TLS, and that the server provide a certificate that is signed by + the Certificate Authority from the `ca_file`. By default, this is false, and Consul + will not make use of TLS for outgoing connections. This applies to clients and servers, + as both will make outgoing connections. + +* `ca_file` - This provides a the file path to a PEM encoded certificate authority. + The certificate authority is used to check the authenticity of client and server + connections with the appropriate `verify_incoming` or `verify_outgoing` flags. + +* `cert_file` - This provides a the file path to a PEM encoded certificate. + The certificate is provided to clients or servers to verify the agents authenticity. + Must be provided along with the `key_file`. + +* `key_file` - This provides a the file path to a PEM encoded private key. + The key is used with the certificate to verify the agents authenticity. + Must be provided along with the `cert_file`. +
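Review bot: The `verify_incoming` and `verify_outgoing` entries both depend on `ca_file`, but neither says that `ca_file` must be set when the flag is enabled, nor what the agent does if it is missing. State that requirement in both entries. In the same way, `verify_incoming` requires the client to present a certificate, so it should point to `cert_file` and `key_file` as the settings a connecting agent needs. Because both flags default to false, it would also help to say explicitly that both must be enabled on servers to get TLS verification in both directions. Wording fixes in the same hunk: "This provides a the file path" appears in `ca_file`, `cert_file` and `key_file` and should read "This provides the file path"; "the agents authenticity" in `cert_file` and `key_file` should be "the agent's authenticity"; and "If set to True" should match the lowercase "false" used for the default.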