Commit

Update enable-tls-between-components.md
Co-authored-by: Grace Cai <[email protected]>
lhy1024 and qiancai authored Oct 14, 2024
1 parent cfe5026 commit 849c5ec
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion enable-tls-between-components.md
Expand Up @@ -156,7 +156,7 @@ Currently, it is not supported to only enable encrypted transmission of some spe

In general, the callee needs to verify the caller's identity using `Common Name`, in addition to verifying the key, the certificates, and the CA provided by the caller. For example, TiKV can only be accessed by TiDB, and other visitors are blocked even though they have legitimate certificates.

To verify component caller's identity, you need to mark the certificate user identity using `Common Name` when generating the certificate, and to check the caller's identity by configuring the `cluster-verify-cn` (for the TiDB component) or `cert-allowed-cn` (for other components) for the callee.
To verify the caller's identity for a component, you need to mark the certificate user identity using `Common Name` when generating the certificate, and check the caller's identity by configuring `cluster-verify-cn` (in TiDB) or `cert-allowed-cn` (in other components) for the callee.

> **Note:**
>
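
Review bot: the reworded sentence still reads awkwardly in two places: "mark the certificate user identity using `Common Name`" is hard to parse, and "for the callee" trails at the end, far from "configuring", so it is not obvious that the setting belongs on the callee side. Consider phrasing it as: "set the `Common Name` of the certificate to identify its user when generating the certificate, and on the callee configure `cluster-verify-cn` (in TiDB) or `cert-allowed-cn` (in other components) to check the caller's identity." The unchanged sentence above it has a similar issue: "verifying the key, the certificates, and the CA provided by the caller" could be tightened in the same pass, since both sentences describe the same check.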
