Project

General

Profile

Actions

Architecture #18784

closed

Reuse agent certificates for HTTPS communication

Added by Alexis Mousset almost 4 years ago. Updated about 3 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:

Description

This is the parent ticket.

The main goal is to enforce certificate verification in all HTTPS calls.

To do so we will reuse existing agent certificates.


Subtasks 12 (0 open12 closed)

Architecture #18785: Add policy and root server certificates to the generated policiesRejectedActions
Architecture #18786: Persist policy server's certificate in ppkeysRejectedActions
Architecture #18787: Change http/curl calls to policy server to use the stored certificateRejectedAlexis MoussetActions
Architecture #18788: Use agent certificate in httpd configurationReleasedBenoît PECCATTEActions
Architecture #18789: Make initial policies ignore HTTPS certificate to allow TOFUReleasedBenoît PECCATTEActions
Architecture #19492: Add policy server certificate information to policiesReleasedAlexis MoussetActions
Architecture #19525: Read base64 hash in nodeslist.confReleasedBenoît PECCATTEActions
Architecture #19529: Add root.pem and policy-server.pem in node inputs ReleasedVincent MEMBRÉActions
Bug #19557: Compilation error: Path.of does not exist with Java 8ReleasedFrançois ARMANDActions
Bug #19587: Still a Path.of in TestRestFromFileDef.scalaReleasedRaphael GAUTHIERActions
Architecture #19674: Update SELinux config for new relayd filesReleasedBenoît PECCATTEActions
Architecture #19675: Restart HTTP clients when configuration changesReleasedBenoît PECCATTEActions

Related issues 1 (1 open0 closed)

Related to Rudder - Architecture #19542: clean-up pubkey case from inventory parsingNewActions
Actions

Also available in: Atom PDF