Hi Richard,
Please read: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security 4.11.2 is out, please consider using it instead of 4.11.1 as it has several bugfixes etc. In short, with all of your KVM hosts up and connected to mgmt server, first change the auth strictness global setting to true, then using API secure the hosts using the provisionCertificate API. In the UI, go to your hosts that don't show up as secure and click on the key button (a new button) to secure the host which calls the provisionCertificate API as well. - Rohit <https://cloudstack.apache.org> ________________________________ From: Richard Persaud <richard.pers...@macys.com> Sent: Monday, November 26, 2018 8:19:56 PM To: users@cloudstack.apache.org Subject: RE: secure hosts communications Thank you, Rohit. I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness set to true. What configuration needs to be adjusted to have the KVM hosts show secure? Regards, Richard Persaud From: Rohit Yadav <rohit.ya...@shapeblue.com> Sent: Saturday, November 24, 2018 2:02 PM To: users@cloudstack.apache.org Subject: Re: secure hosts communications ⚠ EXT MSG: Richard, Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true. - Rohit <https://cloudstack.apache.org> ________________________________ From: Richard Persaud <richard.pers...@macys.com<mailto:richard.pers...@macys.com>> Sent: Saturday, November 24, 2018 4:21:24 AM To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: secure hosts communications Hello, Is there straight-forward to enable secure communications between the management and the hosts? I have looked at many documentations but am still unable to get the hosts to show a "secure" state. Regards, Richard Persaud rohit.ya...@shapeblue.com<mailto:rohit.ya...@shapeblue.com> www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue * This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments. rohit.ya...@shapeblue.com www.shapeblue.com Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue