get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/tls_cert_id.conf

get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/tls_cert_id.conf (about)

     1  # TLS config file
     2  # We require client certs and pull the user from the cert itself.
     3  
     4  listen: 127.0.0.1:9333
     5  
     6  tls {
     7    # Server cert
     8    cert_file: "./configs/certs/server-cert.pem"
     9    # Server private key
    10    key_file:  "./configs/certs/server-key.pem"
    11    # Specified time for handshake to complete
    12    timeout: 2
    13    # Optional certificate authority for clients
    14    ca_file:   "./configs/certs/ca.pem"
    15    # Require a client certificate and map user id from certificate
    16    verify_and_map: true
    17  }
    18  
    19  # User authenticated from above in certificate.
    20  authorization {
    21    users = [
    22      {user: derek@nats.io, permissions: { publish:"foo" }}
    23    ]
    24  }