
Feat/agent validate webcert

Open HuFlungDu opened this issue 1 year ago • 1 comments

Added an option to have the agent validate the webcert of the server to which it is connected. This is valuable in the case of a DNS hijack or MITM, which currently is possible if a bad actor can gain access to the meshcentral agent cert, and that cert can't be rotated or expired.

This is accomplished by adding validateWebCert=true in the msh file. It will continue to run as normal until such time as that value is set.

Once this is gone over, I will create a PR in the Meshcentral repo to update the meshcore and add a config option to have this option set on your agents by default.

HuFlungDu, Oct 07 '24 23:10

@Ylianst, can I get a description of what would need to be implemented in order for this, or something that accomplishes this effect, to be merged?

HuFlungDu, Dec 03 '24 21:12