Rollout of certificates to Controllers and Agents depends on the following choice:

  • Self-signed issued Certificates have to be deployed from individual certificate files that are made available to Controllers and Agents.
    • There is no security gap in the use of self-signed issued Certificates: when users store certificate files on Controllers and Agents, this proves that they trust the certificates.
  • Private CA-signed Certificates are not deployed to Controllers and Agents. Instead, the CA Certificate that was used to sign the individual certificates is deployed.
    • With this approach, any signing certificate signed by the CA will be accepted for deployment of scheduling objects.
    • For better control over which certificates are made available for deployment, users might decide to use a specific Intermediate Private CA.
  • Public CA-signed Certificates are not created by users but are purchased from a trusted CA and are therefore not considered by this article.

Self-signed issued Certificates and Private CA Certificates are deployed to the <data>/config/private/trusted-x509-keys directory of Controller and Agent instances.
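
The difference between trusting the Private CA and trusting a specific Intermediate Private CA can be checked with openssl before anything is deployed. The script below is an added example, not part of the original article or of the product: all names (root, int-deploy, int-other, signer-a, signer-b) and keys are constructed, and `-partial_chain` is how openssl treats an intermediate as a trust anchor; that Controllers and Agents validate the same way is an assumption.

```bash
#!/usr/bin/env bash
# Added example: throwaway keys and constructed names, not taken from the product.
set -eu
PKI=$(mktemp -d); trap 'rm -rf "$PKI"' EXIT
cat > "$PKI/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF

# issue <name> <issuer> <ca|leaf>: create key and CSR for <name>, sign with <issuer>
issue() {
  openssl req -new -config "$PKI/cfg" -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
  openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$2.crt" -CAkey "$PKI/$2.key" \
    -CAcreateserial -extfile "$PKI/cfg" -extensions "$3" -days 1 \
    -out "$PKI/$1.crt" 2>/dev/null
}

# accepts <anchor> <intermediate> <leaf>: succeeds if <leaf> chains to the single
# certificate in the trust store; <intermediate> is untrusted chain material only
accepts() {
  openssl verify -partial_chain -CAfile "$PKI/$1.crt" \
    -untrusted "$PKI/$2.crt" "$PKI/$3.crt" >/dev/null 2>&1
}

# Self-signed root CA, two intermediate CAs, one signing certificate under each
openssl req -x509 -config "$PKI/cfg" -extensions ca -newkey rsa:2048 -nodes \
  -subj "/CN=root" -keyout "$PKI/root.key" -out "$PKI/root.crt" -days 1 2>/dev/null
issue int-deploy root ca
issue int-other  root ca
issue signer-a int-deploy leaf
issue signer-b int-other  leaf

for anchor in root int-deploy; do
  for pair in "int-deploy signer-a" "int-other signer-b"; do
    set -- $pair
    accepts "$anchor" "$1" "$2" && r=accepted || r=rejected
    echo "trust store = $anchor: $2 (issued by $1) $r"
  done
done
```

With the root CA as the only trusted certificate both signing certificates verify; with only int-deploy trusted, signer-b is rejected.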
