This topic describes high level steps required to configure an SSL mutual authentication between the Dgraph and an external machine. The authentication uses certificates signed by a certificate authority (CA). This setup may apply if your Dgraph and external machines are hosted outside the firewall, or if a two-way authentication is required between them.
An SSL-enabled client (such as the Integrator component of Oracle Endeca Information Discovery) may need to access the Dgraph securely. In such cases, a secure connection must be established between these servers by configuring the Dgraph for authentication with SSL certificates.
This procedure is an example of how you can establish a mutual (two-way) authentication. Treat this procedure as a high-level recommendation rather than the only way to establish a secure connection. Other steps may be required depending on your specific security requirements.
In this procedure, you create two signed certificates. First, you create a private key and send a Certificate Signing Request (CSR) to a CA from the external server. Next, you create a private key and send a CSR from the Dgraph. You can then start the Dgraph referencing the sslcertfile, which contains the Dgraph private key and the signed certificate.
To configure an SSL mutual authentication between the Dgraph and an external client: