Version: 0.6.4

SSL/TLS configuration

Skytable lets you secure connections with TLS/SSL. This feature is built into Sky with OpenSSL and doesn't require you to have OpenSSL installed. You can enable SSL by using the configuration file or by using command-line arguments.

Step 1: Create a self-signed certificate and private key

Creating the certificate is outside the scope of this document, but you can read this guide on Stack Overflow to get a brief idea of how to create one.

Step 2: Add it to your configuration and launch

With config files

Add the following block:

# This key is *OPTIONAL*
[ssl]
key = "/path/to/keyfile.pem"
chain = "/path/to/chain.pem"
port = 2004 # optional
only = true # optional to enable SSL-only requests

The block above is self-explanatory: add the paths to the private key and certificate files, add the port (if required), and set only to true if the server should accept only secure connections.

With command-line arguments

Simply start skyd with:

skyd -z cert.pem -k key.pem

Tip

You can pass the --sslonly flag to force the server to only accept secure connections, disabling the non-SSL interface. When this flag is not passed and other SSL options are given, the server listens for both SSL and non-SSL requests.

Note

To use TLS with the Skytable shell (skysh) just run:

skysh -C /path/to/cert.pem --port [SSLPORT]

and you'll be on a secure connection. Don't forget the SSL port! The Skytable daemon binds the secure listener on a different port when in multi-socket mode.
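
Steps 1 and 2 as shell functions, as an added example that is not part of the Skytable documentation: it generates a self-signed pair with owner-only permissions on the key, checks that the certificate and key belong together before the server is pointed at them, and prints the [ssl] block from this page with absolute paths. It assumes the openssl command-line tool is installed on the machine generating the files; the function names, the file names key.pem and cert.pem, the localhost CN, the 365-day validity and the use of the self-signed certificate itself as the chain file are assumptions for a local test setup.

```sh
#!/bin/sh
# Added example, not Skytable's own tooling. Function names, file names,
# CN and validity period are assumptions for a local test setup.

# make_selfsigned DIR [CN] [DAYS] -> writes DIR/key.pem and DIR/cert.pem
make_selfsigned() {
    dir=$1; cn=${2:-localhost}; days=${3:-365}
    mkdir -p "$dir" || return 1
    # -nodes leaves the key unencrypted on disk, so file permissions are
    # its only protection: create it under a restrictive umask.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes \
          -keyout "$dir/key.pem" -out "$dir/cert.pem" \
          -days "$days" -subj "/CN=$cn" 2>/dev/null ) || return 1
    chmod 600 "$dir/key.pem" && chmod 644 "$dir/cert.pem"
}

# pair_matches CERT KEY -> exit status 0 only if the public key in the
# certificate is the one derived from the private key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# print_ssl_block DIR -> the [ssl] block from this page with absolute
# paths; only = true closes the non-SSL interface.
print_ssl_block() {
    abs=$(cd "$1" && pwd) || return 1
    printf '[ssl]\nkey = "%s/key.pem"\nchain = "%s/cert.pem"\n' "$abs" "$abs"
    printf 'port = 2004\nonly = true\n'
}

# Usage (constructed paths):
#   make_selfsigned ./tls && pair_matches ./tls/cert.pem ./tls/key.pem \
#       && print_ssl_block ./tls
```

Append the printed block to the configuration file you start skyd with, or pass the two files with -z and -k as shown above.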