forked from xchapter7x/docs-pivotalcf-console
-
Notifications
You must be signed in to change notification settings - Fork 0
/
_router_app_tls_pcf.html.md.erb
14 lines (7 loc) · 1.17 KB
/
_router_app_tls_pcf.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
Verifying app identity using TLS improves resiliency and consistency for app routes.
<p class='note'><strong>Note:</strong> This feature does not work if the <strong>Disable SSL certificate verification for this environment</strong> checkbox is selected in the <strong>Networking</strong> pane of the <%= vars.app_runtime_abbr %> tile.</p>
The **App Containers** pane of the <%= vars.app_runtime_abbr %> tile includes these options under **Gorouter app identity verification**:
* **The Gorouter uses TLS to verify app identity:** Enables the Gorouter to verify app identity using TLS. This is the default option.
* **The Gorouter and apps use mutual TLS to verify each other's identity:** Enables the Gorouter and your apps to verify each other's identity using TLS.
<p class='note breaking'><strong>Breaking Change:</strong> If you have mutual TLS app identity verification enabled, app containers accept incoming communication only from the Gorouter. This disables TCP routing.</p>
To enable TLS to backends running on Windows cells, the same options can be configured under **(Beta) Enable TLS Connections From Router To Applications** on the **Advanced Features** tab of the Windows tile.