Project

General

Profile

Actions

Architecture #18786

closed

Architecture #18784: Reuse agent certificates for HTTPS communication

Persist policy server's certificate in ppkeys

Added by Alexis Mousset almost 4 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Agent
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:

Description

Agents should persist policy server's certificate like we already do for policy server hash (which is a hash of the certificate's public key).

This allows preserving trust across agent reset and avoid mitm triggering a trust reset.

It also allows pre-shared trust at provisionning. We could recompute policy server hash from certificate, so that it's the only required information.

Actions

Also available in: Atom PDF