luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Add mention of auto_encrypt to mTLS requirements

This commit is contained in:
Kent 'picat' Gruber 2020-11-06 10:15:26 -05:00
parent c3aa90fe27
commit 9e1054097b
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/pages/docs/security/security-models/core.mdx
View File

@ -105,6 +105,16 @@ environment and adapt these configurations accordingly.
[CVE-2018-19653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653) for more details. This is fixed
in 1.4.1.
- [`auto_encrypt`](/docs/agent/options#auto_encrypt) - Enables automated TLS certificate distribution for client
agent RPC communication using the Connect CA. Using this configuration a [`ca_file`](/docs/agent/options#ca_file)
and ACL token would still need to be distributed to client agents.
- [`allow_tls`](/docs/agent/options#allow_tls) - By default this is false, and should be set to true on server
agents to allow certificates to be automatically generated and distributed from the Connect CA to client agents.
- [`tls`](/docs/agent/options#tls) - By default this false, and should be set to true on client agents to
automatically request a client TLS certificate from the server's Connect CA.
**Example Server Agent TLS Configuration**
```hcl