Guide: Enhanced Security for YoMo Network
YoMo supports in-transit encryption of communications between Zipper, Source and StreamFunction using a central Certificate Authority (CA).
YoMo allows operators and developers to bring in their own certificates. The scripts directory provides certificate generation scripts:
- generate_ca.sh
- generate_client.sh
- generate_server.sh
See the README.md file for how to create the relevant certificates.
By default, we use development mode and do not perform mutual TLS authentication between the server and the client. In a production environment, it is strongly recommended that you set the following environment variables:
- YOMO_TLS_VERIFY_PEER, set the value to true
- YOMO_TLS_CACERT_FILE, CA certificate
- YOMO_TLS_CERT_FILE, certificate
- YOMO_TLS_KEY_FILE, private key
Each Zipper, Source and StreamFunction instance is configured with its own corresponding certificate files.
Refer to the run settings of Example 3-multi-sfn and uncomment some of the settings.
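
A preflight check for the four environment variables above, as an added example that is not part of YoMo or its scripts directory. The function names are hypothetical, and the check assumes PEM files and the openssl command-line tool; it fails closed when peer verification is off, a file is missing, the certificate does not chain to the CA, or the key does not belong to the certificate.

```shell
#!/bin/sh
# Added example: preflight check for the YOMO_TLS_* variables named in this guide.
# Function names are hypothetical; they are not part of YoMo.

# Returns 0 only if peer verification is on and all three files are readable.
yomo_tls_env_ok() {
    if [ "${YOMO_TLS_VERIFY_PEER:-}" != "true" ]; then
        echo "YOMO_TLS_VERIFY_PEER is not 'true': mutual TLS is off" >&2
        return 1
    fi
    for name in YOMO_TLS_CACERT_FILE YOMO_TLS_CERT_FILE YOMO_TLS_KEY_FILE; do
        eval "file=\${$name:-}"   # name comes from the fixed list above
        if [ -z "$file" ]; then
            echo "$name is not set" >&2
            return 1
        fi
        if [ ! -r "$file" ]; then
            echo "$name points to an unreadable file: $file" >&2
            return 1
        fi
    done
    return 0
}

# Returns 0 only if the certificate chains to the configured CA and the
# private key belongs to that certificate. Fails closed without openssl.
yomo_tls_chain_ok() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }
    openssl verify -CAfile "$YOMO_TLS_CACERT_FILE" "$YOMO_TLS_CERT_FILE" >/dev/null 2>&1 || {
        echo "certificate is not signed by the configured CA" >&2
        return 1
    }
    cert_pub=$(openssl x509 -in "$YOMO_TLS_CERT_FILE" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$YOMO_TLS_KEY_FILE" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2
        return 1
    fi
    return 0
}

# Run both checks before starting a Zipper, Source or StreamFunction.
yomo_tls_preflight() {
    yomo_tls_env_ok && yomo_tls_chain_ok
}
```

Source the file and run `yomo_tls_preflight` in the start-up script of each instance, aborting the start when it returns non-zero.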