Add certificate disclaimer for TLS encryption (#8316)

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
This commit is contained in:
Nathan Lacey 2020-07-21 09:38:03 -07:00 committed by GitHub
parent 2c306e4083
commit ac6ab7c9f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions

View File

@ -73,6 +73,8 @@ Certificate Authority. This can be a private CA, used only internally. The
CA then signs keys for each of the agents, as in CA then signs keys for each of the agents, as in
[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates). [this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates).
~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications.
TLS can be used to verify the authenticity of the servers or verify the authenticity of clients. TLS can be used to verify the authenticity of the servers or verify the authenticity of clients.
These modes are controlled by the [`verify_outgoing`](/docs/agent/options#verify_outgoing), These modes are controlled by the [`verify_outgoing`](/docs/agent/options#verify_outgoing),
[`verify_server_hostname`](/docs/agent/options#verify_server_hostname), [`verify_server_hostname`](/docs/agent/options#verify_server_hostname),