rhtyd commented on issue #2239: CLOUDSTACK-9993: Securing Agents Communications
URL: https://github.com/apache/cloudstack/pull/2239#issuecomment-323718422

@wido all agent-mgmt server connections are encrypted and SSL enabled, based on a random cert that the mgmt server creates, stores and uses from `cloudmanagement.keystore` reading/updating from ssl.keystore global setting; and when agents connect to the mgmt server they use a trust-all-manager to trust any certificate presented to them. So, all cloudstack env have the connections encrypted, however not authenticated and secured in one or two-way SSL.

For existing environments, after upgrade the auth strictness enforcement will be `false`, however newer hosts/agents will be provisioned to use this new system to have CA certs etc stored in agents so they will have more secure SSL authentication, however, mgmt server will not perform additional trust validations and it will allow any clients (like it used to now).

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
With regards, Apache Git Services