Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
This commit is contained in:
Daniel Nephin
GitHub
parent
7cf86dc2ab
commit
efad0234f4
|
|
@ -2211,11 +2211,11 @@ This section documents all of the configuration settings that apply to Agent TLS
|
||||||
TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be
|
TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be
|
||||||
applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt).
|
applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt).
|
||||||
|
|
||||||
~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` and `ca_path`
|
~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` or `ca_path`
|
||||||
should use a private CA, not a public one. We also recommend using a separate CA for
|
should be a private CA, not a public one. We recommend using a dedicated CA
|
||||||
Consul and not sharing the CA with any other systems. Any certificate signed by the
|
which should not be used with any other systems. Any certificate signed by the
|
||||||
CA will be allowed to communicate with the cluster and a specially crafted certificate
|
CA will be allowed to communicate with the cluster and a specially crafted certificate
|
||||||
signed by the CA can gain full read and write access to Consul.
|
signed by the CA can be used to gain full access to Consul.
|
||||||
|
|
||||||
- `ca_file` This provides a file path to a PEM-encoded certificate
|
- `ca_file` This provides a file path to a PEM-encoded certificate
|
||||||
authority. The certificate authority is used to check the authenticity of client
|
authority. The certificate authority is used to check the authenticity of client
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue