Enable SSL connections¶
This guide describes how to a SSL-enabled secure Flower server (SuperLink) can be
started and how a Flower client (SuperNode) can establish a secure connections to
it.
A complete code example demonstrating a secure connection can be found here.
The code example comes with a README.md file which explains how to start it.
Although it is already SSL-enabled, it might be less descriptive on how it does so.
Stick to this guide for a deeper introduction to the topic.
Certificats¶
Using SSL-enabled connections requires certificates to be passed to the server and
client. For the purpose of this guide we are going to generate self-signed certificates.
As this can become quite complex we are going to ask you to run the script in
examples/advanced-tensorflow/certificates/generate.sh with the following command
sequence:
cd examples/advanced-tensorflow/certificates
./generate.sh
This will generate the certificates in
examples/advanced-tensorflow/.cache/certificates.
The approach for generating SSL certificates in the context of this example can serve as an inspiration and starting point, but it should not be used as a reference for production environments. Please refer to other sources regarding the issue of correctly generating certificates for production environments. For non-critical prototyping or research projects, it might be sufficient to use the self-signed certificates generated using the scripts mentioned in this guide.
Server (SuperLink)¶
Use the following terminal command to start a sever (SuperLink) that uses the previously generated certificates:
flower-superlink
--ssl-ca-certfile certificates/ca.crt
--ssl-certfile certificates/server.pem
--ssl-keyfile certificates/server.key
When providing certificates, the server expects a tuple of three certificates paths: CA certificate, server certificate and server private key.
Client (SuperNode)¶
Use the following terminal command to start a client (SuperNode) that uses the previously generated certificates:
flower-supernode
--root-certificates certificates/ca.crt
--superlink 127.0.0.1:9092
When setting root_certificates, the client expects a file path to PEM-encoded root
certificates.
Conclusion¶
You should now have learned how to generate self-signed certificates using the given script, start an SSL-enabled server and have a client establish a secure connection to it.
Additional resources¶
Ces sources supplémentaires peuvent être pertinentes si tu souhaites approfondir le sujet des certificats :