About SSL Certificates

GPU servers at Trooper.ai operate in a private, high-performance environment without direct public IPs or DNS domains. Classic SSL/TLS certificates require visible domains or IPs for CA verification – conditions our GPU servers don’t meet. Instead, we rely on:

• Self-signed TLS certificates, created by you and trusted manually.
• SSH key pairs to secure administrative access.

Both methods provide end-to-end encryption and strong identity assurance – even without public CA involvement.

🛠️ Step-by-Step Secure Setup

1. Self-Signed TLS on GPU Server

• Use tools like openssl to generate a certificate and private key.
• Configure your application (e.g., Jupyter, private API) to use this certificate.
• On your client machine, add your certificate to the trust store so connections are recognized as secure.

This ensures encrypted communication between your systems – confidential, authenticated, and efficient.

2. SSH Key-Based Access

• Generate an SSH key pair (ssh-keygen) on your workstation.
• Upload your public key to the server’s ~/.ssh/authorized_keys.
• Connect securely over SSH – no passwords, no brute-force risk, fully encrypted.

Full root access is provided via SSH, enabling complete control over your GPU server environment.

🚦 Official SSL for External Traffic via Gateway

External HTTPS traffic is handled by our Trooper.ai Gateway, which uses officially issued SSL certificates from public CAs. Internal server communication remains encrypted using your self-signed certificate or SSH key (optional).

flowchart LR
    Client["Client Browser/App"] -->|HTTPS (CA-signed)| Proxy["Trooper.ai Gateway (Proxy)"]
    Proxy -->|Secure Internal TLS/SSH| GPU["Trooper.ai GPU Server"]
    GPU -->|Compute Processing| GPU

This split architecture ensures:

• External trust via official SSL.
• Internal confidentiality using lightweight, self-managed TLS or SSH.

✅ Why this Setup is Safe and Efficient

1. Encrypted & Authenticated: All connections are TLS-secured or SSH-encrypted; clients verify your certificate or key, ensuring identity and privacy.

2. Full Control, No Dependency: You generate and manage your own certificates and keys. No reliance on third-party CAs or domain verification.

3. Fast, Flexible Deployment: Skip DNS/IP setups and CA processes – get GPU servers running quickly and securely.

4. Private, EU-Based Infrastructure: Servers are dedicated instances in GDPR-compliant EU data centers, with NAT, firewall protection, and no public IP exposure.

💡 Summary about SSL Certificates on GPU Servers

• External HTTPS: Handled by Trooper.ai Gateway with CA-signed certificates.
• Internal TLS/SSH: Secured by your self-signed certificate and SSH keys.
• Outcome: Secure, performant, and customer-controlled access setup – ideal for GPU-intensive applications.