TLS configuration for separate SM and CM setup

Will Tan
Added 7 months ago

Hi,

I was testing a setup with separate SM and CM on different machines based on the following:
https://tigase.tech/issues/1478#note-10

and I assume that TLS should be configured in the CM portion

But it seems like the Tigase setup is not recognizing the TLS configuration that I put in the init.properties.
The same configuration was working when the Tigase is combined together (SM and CM in the same instance)

When I tried to connect to the server through a PSI client, it showed that I have a self-signed cert rather than the cert in the configuration

I understand that this is based on Tigase 7.0.0, which is from quite long ago, but I would like to ask if any further requirements are needed for the CM/SM portion to activate TLS.

My TLS configuration portion (Working for single setup but not for separate):

--ssl-def-cert-domain = test.im

basic-conf/virt-hosts-cert-test.im = /opt/tigase-7.0.0/certs/test.im.pem

--vhost-tls-required = true
--hardened-mode=true

--vhost-anonymous-enabled = false
--vhost-register-enabled = false

Thanks.

Regards.


Replies (2)


Added by Will Tan 7 months ago

I found out what the issue is with the above, so the issue above can be ignored.

When I initially tried out the Tigase without setting the basic-conf/virt-hosts-cert-test.im,
the server generated a test.im.pem file in the certs folder and my PSI client is getting this generated self-signed cert instead of the one I defined.

As for the CM and SM on separate machines,
is there any updated documentation on this specific setup?
There is still some unintended behaviour that does not happen in a single setup, which might be caused by my configuration.

Thanks.

Added by Wojciech Kapcia TigaseTeam 7 months ago

I'm glad that you figured it out. We are constantly working on updating documentation but I can't provide you with a timeframe for when the CM/SM setup will be thoroughly revised.
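
The check that settles the question in this thread, whether the CM serves the certificate in the configured PEM file or a different (for example auto-generated) one, as an added example that is not part of the original posts or of Tigase itself. The function names, the command-line arguments and the use of the standard c2s port 5222 are assumptions.

```python
import base64, hashlib, re, socket, ssl, sys

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_cert_fingerprints(pem_text):
    """SHA-256 of each CERTIFICATE block; private-key blocks are skipped."""
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in CERT_RE.findall(pem_text)]

def served_cert_is_configured(pem_text, served_der):
    """True if the certificate the server presented is one from the PEM file."""
    return hashlib.sha256(served_der).hexdigest() in pem_cert_fingerprints(pem_text)

def _read_until(sock, pattern):
    buf = b""
    while not re.search(pattern, buf):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("stream closed before STARTTLS completed")
        buf += chunk

def fetch_xmpp_cert(host, domain, port=5222, timeout=10):
    """Connect to the CM at host:port, run XMPP STARTTLS, return the leaf cert (DER)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(("<stream:stream xmlns='jabber:client' "
                      "xmlns:stream='http://etherx.jabber.org/streams' "
                      f"to='{domain}' version='1.0'>").encode())
        _read_until(sock, rb"</stream:features>")
        sock.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        _read_until(sock, rb"<proceed[^>]*>")
        # Verification is off on purpose: the goal is to inspect whatever
        # certificate is served, including an auto-generated self-signed one.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    # Usage (values are assumptions): check.py <cm-host> <vhost> <path-to-pem>
    host, domain, pem_path = sys.argv[1:4]
    with open(pem_path) as fh:
        ok = served_cert_is_configured(fh.read(), fetch_xmpp_cert(host, domain))
    print("served certificate matches PEM file" if ok
          else "MISMATCH: server is presenting a different certificate")
    sys.exit(0 if ok else 1)
```

Run it on a machine that can read the PEM file and reach the CM; a mismatch means the connection manager is loading a different certificate than the one the configuration names.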
