Update website/content/docs/agent/options.mdx

Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
This commit is contained in:
Daniel Nephin 2021-07-29 12:38:30 -04:00 committed by GitHub
parent 7cf86dc2ab
commit efad0234f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

View File

@ -2211,11 +2211,11 @@ This section documents all of the configuration settings that apply to Agent TLS
TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be TLS is used by the HTTP API, server RPC, and xDS interfaces. Some of these settings may also be
applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt). applied automatically by [auto_config](#auto_config) or [auto_encrypt](#auto_encrypt).
~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` and `ca_path` ~> **Security Note:** The Certificate Authority (CA) specified by `ca_file` or `ca_path`
should use a private CA, not a public one. We also recommend using a separate CA for should be a private CA, not a public one. We recommend using a dedicated CA
Consul and not sharing the CA with any other systems. Any certificate signed by the which should not be used with any other systems. Any certificate signed by the
CA will be allowed to communicate with the cluster and a specially crafted certificate CA will be allowed to communicate with the cluster and a specially crafted certificate
signed by the CA can gain full read and write access to Consul. signed by the CA can be used to gain full access to Consul.
- `ca_file` This provides a file path to a PEM-encoded certificate - `ca_file` This provides a file path to a PEM-encoded certificate
authority. The certificate authority is used to check the authenticity of client authority. The certificate authority is used to check the authenticity of client