mirror of https://github.com/status-im/consul.git
Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
This commit is contained in:
parent
9f02119314
commit
20537d8952
|
@ -2211,11 +2211,11 @@ This section documents all of the configuration settings that apply to Agent TLS
|
|||
TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be
|
||||
applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt).
|
||||
|
||||
~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` and `ca_path`
|
||||
should use a private CA, not a public one. We also recommend using a separate CA for
|
||||
Consul and not sharing the CA with any other systems. Any certificate signed by the
|
||||
~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` or `ca_path`
|
||||
should be a private CA, not a public one. We recommend using a dedicated CA
|
||||
which should not be used with any other systems. Any certificate signed by the
|
||||
CA will be allowed to communicate with the cluster and a specially crafted certificate
|
||||
signed by the CA can gain full read and write access to Consul.
|
||||
signed by the CA can be used to gain full access to Consul.
|
||||
|
||||
- `ca_file` This provides a file path to a PEM-encoded certificate
|
||||
authority. The certificate authority is used to check the authenticity of client
|
||||
|
|
Loading…
Reference in New Issue