Recommend SNI with TLS in the terminating gateway docs

This commit is contained in:
Kyle Havlovitz 2022-03-31 12:19:16 -07:00
parent f8efe9a208
commit 51527907ab
1 changed files with 3 additions and 0 deletions

View File

@ -30,6 +30,9 @@ from the terminating gateway will be encrypted using one-way TLS authentication.
and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections
from the terminating gateway will be encrypted using mutual TLS authentication.
~> Setting the `SNI` field is strongly recommended when enabling TLS to a service. If this field is not set,
Consul will not attempt to verify the Subject Alternative Name fields in the service's certificate.
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
from the gateway to the destination service.