[doc][yba] Encryption in transit update #23027
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for infallible-bardeen-164bc9 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
aishwarya24
reviewed
Jun 27, 2024
docs/content/preview/yugabyte-platform/create-deployments/connect-to-universe.md
Outdated
Show resolved
Hide resolved
...preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-hashicorp.md
Outdated
Show resolved
Hide resolved
...ontent/preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-ca.md
Outdated
Show resolved
Hide resolved
iSignal
reviewed
Jul 12, 2024
...review/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-kubernetes.md
Show resolved
Hide resolved
...ontent/preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-ca.md
Outdated
Show resolved
Hide resolved
...ontent/preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-ca.md
Outdated
Show resolved
Hide resolved
...ontent/preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-ca.md
Outdated
Show resolved
Hide resolved
...ontent/preview/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-ca.md
Outdated
Show resolved
Hide resolved
docs/content/preview/yugabyte-platform/security/enable-encryption-in-transit/trust-store.md
Outdated
Show resolved
Hide resolved
| For more information on connecting to TLS-enabled universes, refer to [Connect to clusters](../../security/enable-encryption-in-transit/#connect-to-clusters). | ||
| 1. Download the certificate. | ||
|
|
||
| - If you are connecting using a YSQL client (such as ysqlsh), click **Actions**, and choose **Download YSQL Cert**. |
There was a problem hiding this comment.
Suggested change
| - If you are connecting using a YSQL client (such as ysqlsh), click **Actions**, and choose **Download YSQL Cert**. | |
| - If you are connecting using a YSQL client (such as ysqlsh) and wish to verify the server's identity at the client, click **Actions**, and choose **Download Root CA Cert**. Supply this CA cert to the `ysqlsh` command in the `sslrootca` parameter as [shown here](https://www.yugabyte.com/blog/securing-yugabytedb-client-to-server-encryption/#verification-of-server-certificates) to enable the ysqlsh client to verify the server certificate. |
The information here needs a bit of a rewrite. The full story is described here - https://www.yugabyte.com/blog/securing-yugabytedb-client-to-server-encryption/#verification-of-server-certificates
In general, for YSQL clients, the user only needs the CA cert, similar to YSQL. The "YSQL cert" is only required if they have enabled postgres certificate auth as described in https://www.yugabyte.com/blog/securing-yugabytedb-client-to-server-encryption/#verification-of-client-certificates but this is not very common and it requires the user to perform additional steps to enable such auth. I think we can ignore this, if we want we can condense this section ("verification of client certificates") here.
docs/content/preview/yugabyte-platform/create-deployments/connect-to-universe.md
Outdated
Show resolved
Hide resolved
docs/content/preview/yugabyte-platform/create-deployments/connect-to-universe.md
Outdated
Show resolved
Hide resolved
docs/content/preview/yugabyte-platform/create-deployments/connect-to-universe.md
Outdated
Show resolved
Hide resolved
ddhodge
commented
Jul 12, 2024
...review/yugabyte-platform/security/enable-encryption-in-transit/add-certificate-kubernetes.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Sanketh I <sanketh@yugabyte.com>
jasonyb
pushed a commit
that referenced
this pull request
Jul 18, 2024
Summary: 7786cf7 [PLAT-12072][Platform] Implement Task Details Drawer 95fb188 [PLAT-14225] Implement v2 Group Mapping APIs 8e33f45 [PLAT-12085]: Modify the confirm modal box depending on the type of edit universe op 87fe4b8 [doc][yba] add OIDC URI example (#23222) c212f4b [docs] Logical replication explore docs sections (#23231) 0619b50 CDC Docs changes (#23234) 4823cd4 [doc][yba] Encryption in transit update (#23027) c5dd61b [PLAT-14344] Support Premium SSD V2 disks in azure YBA managed provider 4ca56cf [PLAT-6774] Enable changing RF for existing universe 4af129f [PLAT-14685] - improvement : Disable Gflags change if gflags belongs to ENHANCED_POSTGRES_COMPATIBILITY group Test Plan: Jenkins: rebase: pg15-cherrypicks Reviewers: jason, tfoucher Tags: #jenkins-ready Differential Revision: https://phorge.dev.yugabyte.com/D36695
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reorganize and update YBA encryption in transit section
DOC-342
DOC-358
@netlify /preview/yugabyte-platform/security/enable-encryption-in-transit