Add Domain Controller Public Key to CLI Truststore

From NovaOrdis Knowledge Base
Revision as of 22:37, 20 March 2017 by Ovidiu (talk | contribs)
Jump to navigation Jump to search

External

Internal

Relevance

EAP 7

Overview

The management interface may be protected by configuring it to require all management traffic to go over SSL/TLS. This adds an additional layer of security by preventing management traffic to travel in clear over the network. SSL/TLS enablement on management interfaces is described here: Enabling SSL/TLS for Management Interfaces.

However, when the management interface is protected by SSL/TLS, but without additional configuration on CLI client side, the CLI does not recognizes by default the server certificate and challenges the user to manually accept the certificate:

TODO: try non-local auth and see if this works without manual challenge.

TODO: Mention if this only happens for local authentication.