How do I use mTLS with the rqlite client?

[Martin Gignac]

Hi,

I've just set up an rqlite 7.21.4 cluster with mTLS, and after fighting with the setup I think I've got it working the way it's supposed to. I'm even able to use cURL to connect to the cluster with HTTPS by specifying the --cacert, --cert and --key flags.

However, I'm not able to figure out how to get the rqlite client to use mTLS as I don't see any flags in the client to configure a client certificate and key:

# rqlite -h
Options:

  -h, --help
      display help information

  -a, --alternatives
      comma separated list of 'host:port' pairs to use as fallback

  -s, --scheme[=http]
      protocol scheme (http or https)

  -H, --host[=127.0.0.1]
      rqlited host address

  -p, --port[=4001]
      rqlited host port

  -P, --prefix[=/]
      rqlited HTTP URL prefix

  -i, --insecure[=false]
      do not verify rqlited HTTPS certificate

  -c, --ca-cert
      path to trusted X.509 root CA certificate

  -u, --user
      set basic auth credentials in form username:password

  -v, --version
      display CLI version

Am I just missing something obvious?

Thanks,

-Martin

[Philip O'Toole]

I worked with Martin on this, on the rqlite Slack channel. I just made a change to the rqlite CLI code (on master), so he can build a new rqlite CLI which supports mTLS.

I'll officially release the new CLI as part of the 8.0 release (currently in development).

Philip

--
You received this message because you are subscribed to the Google Groups "rqlite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rqlite+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rqlite/219e35db-86ef-415e-a3ec-2f34907618f4n%40googlegroups.com.