Skip to content

francsw/clevis-HTTPS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sslcerts
sslcerts
 
 

Repository files navigation

clevis-HTTPS

Get Clevis/Tang to work with HTTPS

Assumptions

  • This was tested on Ubuntu Focal (20.04)
  • The SSL certificates are already installed on the Clevis client. Self signed also works.
  • Use the same FQDN that there certificate was created for.
  • Clevis uses curl to get the key from the tang server, so if it works with curl you're half way there, e.g. curl -v https://tang01.lab.local:7500
  • You've setup some reverse proxy to use the SSL certificate on the Tang server.
  • When you enroll the Tang key use https in your URL, e.g. /usr/bin/clevis luks bind -f -d "/dev/sda3" tang '{"url":"https://tang01.lab.local:7500"}'

Setup initram to use the SSL certs

  • Put the sslcerts script in /usr/share/initramfs-tools/hooks/sslcerts
  • Recreate the initram /usr/sbin/update-initramfs -u -k 'all'

About

Get Clevis/Tang to work with HTTPS

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages