The provisioning system uses mTLS to authenticate endpoints and to encrypt all data exchanged between clients and servers.
In addition, a token-based authentication layer authenticates client requests at the call level. The provisioning system manages credentials that map allowed service calls to SKU/client credentials. These credentials will be provided by ATE clients.

- gRPC Authentication Guide. The system is currently configured to use SSL/TLS with client-side authentication. This is sometimes referred to as mTLS. `CompositeChannelCredentials` are used to integrate Call Credentials with Channel Credentials.

The following command generates keys and certificates for all endpoints. The `SubjectAltName` is set to `localhost`. All clients should connect using this address. See the script implementation for more details.

config/dev/certs/gen_certs.sh

Note: At the moment, all clients and services share the same root certificate. Calling the `gen_certs.sh` script requires restarting all the servers and clients.