[ https://issues.apache.org/jira/browse/CLOUDSTACK-9993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rohit Yadav resolved CLOUDSTACK-9993. ------------------------------------- Resolution: Fixed > Secure Agent Communications > --------------------------- > > Key: CLOUDSTACK-9993 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9993 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: Rohit Yadav > Assignee: Rohit Yadav > Fix For: Future, 4.11.0.0 > > > In current CloudStack, the agent-management server communication is weakly > secured by one way SSL authentication while encrypted and allows for any > client/agent to connect and be served by the management server. There are > other services that need TLS/SSL security and upcoming features such as > container/application service etc. require certificate management. The common > issue is CloudStack has no certificate management to provide security for its > internal component especially the agent-mgmt server and mgmt-mgmt server > communication. The aim of this feature is to provide pluggable CA > (certificate authority) management in CloudStack that can fetch/provision > certificates to (new) host(s) and systemvms. As a default CA plugin, a root > CA plugin will be implement where CloudStack becomes a self-signed Root > Certificate Authority. Developers will have option to implement further > integration with their TLS/SSL cert providers such as letsencrypt and other > vendors. -- This message was sent by Atlassian JIRA (v6.4.14#64029)