Rudder

Currently the curl invocations (get policy server's UUID / upload inventory) include the -k option, which means "insecure".

inventory/1.0/fusionAgent.cf:      "download_command"   string => "${g.rudder_curl} -L -k -1 -s -f --proxy '' -o \"${sys.workdir}/rudder-server-uuid.txt\" ${g.inventory_upload_protocol}://${server_info.cfserved}/uuid";
inventory/1.0/fusionAgent.cf:      "download_command_prefix"   string => "${g.rudder_curl} -L -k -1 -f -s --proxy '' --user ${g.davuser}:${g.davpw} -T";

This is "acceptable" if you have deployed self-signed certs for rudder root/relay, but if you tend to have an established trust to a CA, this adds an unnecessary and unconfigurable security softening.