... | ... | @@ -24,8 +24,9 @@ Server certificate is set to be able to sign other certificates. It will be used |
|
|
Server certificate is delivered to agents so they can recognize and accept connections from the server.
|
|
|
|
|
|
When a new agent is being added to the server then an agent private key and agent certificate
|
|
|
are being generated by the server. Agent certificate is being signed by server private key.
|
|
|
Server stores agent's private key and certificate to use them to authenticate agent
|
|
|
are being generated on the agent machine. Agent certificate is sent to the server and is signed,
|
|
|
and then sent back to the agent.
|
|
|
Server stores agent's certificate to use them to authenticate agent
|
|
|
during connecting to the agent. They are also delivered to agent so they can be used by the agent to present its identity. This way the server can recognize that the agent is well known and connection can be established.
|
|
|
|
|
|
## Encryption
|
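Review bot: the added sentence "Agent certificate is sent to the server and is signed, and then sent back to the agent." does not say what is actually sent or whether the private key stays on the agent machine. If the agent submits a certificate signing request and the key never leaves the host, state that explicitly, since it is the property a reader will be looking for in this section. In the added line "Server stores agent's certificate to use them to authenticate agent", "them" should be "it" now that only the certificate is stored. The unchanged following sentence "They are also delivered to agent so they can be used by the agent to present its identity" still reads as if key material is delivered to the agent, which no longer matches the new flow; suggest rewording it to say that only the signed certificate is returned.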
... | ... | @@ -34,7 +35,7 @@ Encryption is automatically established during preparing connection using gRPC w |
|
|
|
|
|
## Agent Keys Delivery
|
|
|
|
|
|
When a new agent is being added to the server then a private key and a certificate is being generated for this agent. They need to be delivered to the agent.
|
|
|
When a new agent is being added to the server then a private key and a certificate is being generated for this agent on the machine with the agent. They need to be delivered to the server.
|
|
|
|
|
|
The procedure looks as follows:
|
|
|
1. Administator logs into agent machine and downloads agent installation script and starts it: `curl https:/stork/agent-install.sh | sudo bash`. Downloaded script contains a URL address of the server.
|
... | ... | |
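Review bot: in the reworded paragraph under "Agent Keys Delivery", "They need to be delivered to the server" refers to both the private key and the certificate, which contradicts the earlier section of this same change, where only the agent certificate is sent to the server for signing. Suggest naming exactly what is sent, for example "The certificate needs to be delivered to the server for signing", and reconsidering the heading "Agent Keys Delivery" if no key is delivered any more. In the unchanged step 1 of this hunk, the URL in `curl https:/stork/agent-install.sh | sudo bash` has a single slash after "https:" and "Administator" is misspelled. Since that step runs a downloaded script as root, it would also help to state how the administrator verifies the server's identity before running it.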