Document generation and updating of dhparams.
This commit is contained in:
parent
1c4e00e914
commit
9b8d5e3662
@ -170,6 +170,12 @@ Then:
|
||||
kubectl -n atat create secret tls azure-atat-code-mil-tls --key="[path to the private key]" --cert="[path to the full chain]"
|
||||
```
|
||||
|
||||
### Create the Diffie-Hellman parameters
|
||||
|
||||
Diffie-Hellman parameters allow per-session encryption of SSL traffic to help improve security. We currently store our parameters in KeyVault, the value can be updated using the following command. Note: Generating the new paramter can take over 10 minutes and there won't be any output while it's running.
|
||||
```
|
||||
az keyvault secret set --vault-name <VAULT NAME> --name <NAME OF PARAM> --value "$(openssl genpkey -genparam -algorithm DH -outform pem -pkeyopt dh_paramgen_prime_len:4096 2> /dev/null)"
|
||||
```
|
||||
---
|
||||
|
||||
# Setting Up FlexVol for Secrets
|
||||
|
Loading…
x
Reference in New Issue
Block a user