Difference between HTTP and Transport certificates

I've found this topic regarding automation of HTTP certificate creation, "generate http certificate non interactive", as I was wondering the same thing: why can't I use the same advanced feature of a YAML file containing all my relevant information in order to generate my certificates for HTTP?

I know the difference between the transport and HTTP layers, but I'm wondering:

  • Do they need to be different? (All the docker-compose examples are using the same for HTTP and transport.) If yes, why?
  • Is there a difference when calling the certutil tool with the http option and the cert option? Or can I just re-use the cert option for my HTTP certificates?

Thank you in advance for your explanations and/or best practices.

EDIT: the docker tag was added automatically, but I'm not asking about docker deployment specifically!

They don't; you can use the same certificates. However, in some cases you should use different certificates for security.

For example, if you use a public CA like Let's Encrypt to create your certificates and your cluster is exposed on the internet, then if you use the same certificate for HTTP and transport, anyone would be able to generate a certificate signed by the same CA and join a new node to your cluster.

Not sure if there is any difference; I never used the http option, but you can just re-use the cert option to create new certificates.

1 Like
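
The separation described in the answer above, as an added example that is not part of the original thread: an `elasticsearch.yml` fragment in which the transport layer trusts only a private CA used for cluster nodes, while the HTTP layer presents a certificate issued by a different CA. All file paths are hypothetical placeholders.

```yaml
# elasticsearch.yml (added example; every path below is a hypothetical placeholder)

# --- Transport layer (node-to-node) ---
# A peer whose certificate chains to a CA listed in certificate_authorities
# is accepted on the transport port. Keep this list limited to a private CA
# that signs only your own nodes, never a public CA bundle.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.key: certs/transport/node1.key
xpack.security.transport.ssl.certificate: certs/transport/node1.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/transport/private-ca.crt" ]

# --- HTTP layer (REST clients, Kibana, browsers) ---
# This certificate can come from a different CA, including a public one,
# because trusting it here does not grant the right to join the cluster.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/http/node1.key
xpack.security.http.ssl.certificate: certs/http/node1-fullchain.crt
```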

Thanks!
