... | ... | @@ -67,7 +67,29 @@ sequenceDiagram |
|
|
|
|
|
```
|
|
|
|
|
|
## Registration Procedure from Agent Side
|
|
|
graph TD
|
|
|
A[Register] -->B{Regen certs}
|
|
|
B -->|No| C{Priv key}
|
|
|
B -->|Yes| D[Generate priv<br>key & CSR]
|
|
|
C -->|Exists|E{CA cert<br>& agent cert}
|
|
|
E -->|Exist|End
|
|
|
E -->|Don't exist|F[Generate CSR<br>using existing key]
|
|
|
F --> J
|
|
|
C -->|Doesn't exist|D
|
|
|
D --> G[Save key in file]
|
|
|
G --> H{Server<br>token}
|
|
|
H --> |Empty|J[Register <CSR, Agent token>]
|
|
|
H --> |Provided|I[Register <CSR, Server token>]
|
|
|
I --> K[Save CA cert & agent cert]
|
|
|
J --> K
|
|
|
K --> L{Server<br>token}
|
|
|
L --> |Provided|M[Ping over TLS]
|
|
|
M --> End
|
|
|
L --> |Empty|End
|
|
|
|
|
|
|
|
|
## TODO
|
|
|
|
|
|
- regenerating keys and certs due to comprise
|
|
|
- regenerating keys and certs due to compromise
|
|
|
- how to securely store CA key and cert on the server? |
|
|
\ No newline at end of file |
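Review bot: In the new "Registration Procedure from Agent Side" graph, the re-issue branch `F --> J` sends "Generate CSR using existing key" straight to `J[Register <CSR, Agent token>]` and never passes through the `H{Server token}` decision. An agent that already has a key therefore always registers with the agent token, even when a server token is provided, while the later `L{Server token}` check can still take the "Provided" path to "Ping over TLS". If that is intended, say so next to the graph; otherwise route it as `F --> H` so both CSR paths choose the token the same way. Two smaller points: `G[Save key in file]` does not state the ownership or permissions of the private key file, which belongs either in the node text or in the TODO list beside the CA key storage question. The `<CSR, Agent token>` labels sit in a diagram that already relies on `<br>` as markup, so they may be consumed as tags when rendered and are safer quoted or written without angle brackets.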