Enable SSL connections

This guide describes how an SSL-enabled secure Flower server (SuperLink) can be started and how a Flower client (SuperNode) can establish a secure connection to it.

A complete code example demonstrating a secure connection can be found at <https://github.com/adap/flower/tree/main/examples/advanced-tensorflow>.

The code example comes with a README.md file which explains how to start it. Although it is already SSL-enabled, it might be less descriptive on how it does so. Stick to this guide for a deeper introduction to the topic.

Certificates

Using SSL-enabled connections requires certificates to be passed to the server and client. For the purpose of this guide, we are going to generate self-signed certificates. Because this can become quite complex, we ask you to run the script in examples/advanced-tensorflow/certificates/generate.sh with the following command sequence:

cd examples/advanced-tensorflow/certificates
./generate.sh

This will generate the certificates in examples/advanced-tensorflow/.cache/certificates.

The approach for generating SSL certificates in the context of this example can serve as an inspiration and starting point, but it should not be used as a reference for production environments. Please refer to other sources regarding the issue of correctly generating certificates for production environments. For non-critical prototyping or research projects, it might be sufficient to use the self-signed certificates generated using the scripts mentioned in this guide.

Client (SuperNode)

Use the following terminal command to start a client (SuperNode) that uses the previously generated certificates:

flower-client-app client:app \
    --root-certificates certificates/ca.crt \
    --server 127.0.0.1:9092

When setting root_certificates, the client expects a file path to PEM-encoded root certificates.
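The following pre-flight check for the file passed as root certificates is an added example, not code from Flower or from the example repository. It inspects the PEM framing only (no X.509 parsing or signature verification); the function names and the sample blocks are hypothetical and constructed for illustration.

```python
import base64
import re

# Matches one PEM block: label in group 1, base64 body in group 2.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def check_root_certificates(pem_text):
    """Return a list of problems; an empty list means the PEM framing is sound.

    Structural check only: it does not parse X.509 or verify any signature.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        return ["no PEM blocks found (DER-encoded or empty file?)"]
    problems, certs = [], 0
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            problems.append(f"{label} block present: keys do not belong in a trust file")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected block type: {label}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append("CERTIFICATE block is not valid base64")
                continue
            if der[:1] != b"\x30":  # a DER certificate is an ASN.1 SEQUENCE
                problems.append("CERTIFICATE block is not a DER SEQUENCE")
            else:
                certs += 1
    if certs == 0:
        problems.append("no usable CERTIFICATE block")
    return problems


def pem(label, der):
    """Wrap bytes in PEM armor (helper for the constructed samples below)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed placeholders, not real certificates or keys.
SAMPLE_CA = pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")
SAMPLE_KEY = pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")

if __name__ == "__main__":
    for name, text in [("ca only", SAMPLE_CA), ("ca + key", SAMPLE_CA + SAMPLE_KEY)]:
        print(name, "->", check_root_certificates(text) or "ok")
```

To check a real file, pass its contents, for example `check_root_certificates(open("certificates/ca.crt").read())`.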

Conclusion

You should now have learned how to generate self-signed certificates using the given script, start an SSL-enabled server and have a client establish a secure connection to it.

Additional resources

These additional sources might be helpful if you would like to dive deeper into the topic of certificates: