Add certificate disclaimer for TLS encryption (#8316)

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Nathan Lacey 2020-07-21 09:38:03 -07:00 committed by hashicorp-ci
parent d00b0a1fa2
commit 8513ad572d
1 changed files with 2 additions and 0 deletions

@ -73,6 +73,8 @@ Certificate Authority. This can be a private CA, used only internally. The
CA then signs keys for each of the agents, as in
[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates).
~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications.
TLS can be used to verify the authenticity of the servers or verify the authenticity of clients.
These modes are controlled by the [`verify_outgoing`](/docs/agent/options#verify_outgoing),
[`verify_server_hostname`](/docs/agent/options#verify_server_hostname),
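
Review bot: the added `~>` note (the line beginning "Certificates need to be created") does not say which certificates it applies to. The context just above it mentions both the CA and the keys the CA signs for each agent, so a reader could take the extendedKeyUsage requirement as applying to the CA certificate too. Suggest opening with "Agent certificates need to be created with ..." and writing the standard as "X.509v3". Since the note gives the reason (one cert/key pair used for both server and client communications), it would also help to say what an operator sees when either `clientAuth` or `serverAuth` is missing, because that symptom is what people will search for.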