Add certificate disclaimer for TLS encryption (#8316)

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
This commit is contained in:
Nathan Lacey 2020-07-21 09:38:03 -07:00 committed by hashicorp-ci
parent d00b0a1fa2
commit 8513ad572d
1 changed files with 2 additions and 0 deletions

View File

@ -73,6 +73,8 @@ Certificate Authority. This can be a private CA, used only internally. The
CA then signs keys for each of the agents, as in CA then signs keys for each of the agents, as in
[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates). [this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates).
~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications.
TLS can be used to verify the authenticity of the servers or verify the authenticity of clients. TLS can be used to verify the authenticity of the servers or verify the authenticity of clients.
These modes are controlled by the [`verify_outgoing`](/docs/agent/options#verify_outgoing), These modes are controlled by the [`verify_outgoing`](/docs/agent/options#verify_outgoing),
[`verify_server_hostname`](/docs/agent/options#verify_server_hostname), [`verify_server_hostname`](/docs/agent/options#verify_server_hostname),