[JENKINS-36871] Let users discover the instance identity fingerprint
- We will be asking users who wish to ensure a secure path for their JNLP agents to validate the fingerprint before initial connection (which leverages TLS encryption of the http end-point and trust by the JNLP agent of the Jenkins Master's HTTPS TLS certificate) - The fingerprint will then be used to validate the JNLP self-signed TLS certificate in order to ensure that the agent is talking to the master without fear of MiM - We need to use self-signed TLS certificates for the JNLP connection as we need these to be unique to the Jenkins master and if we let users provide their own then they would end up re-using... in any case it is simpler to leverage the strength of the HTTPS TLS certificate as that is at least the one certificate that users have a hope of understanding how to validate. - Thus we need a mechanism for users to verify the fingerprint. This root action provides that mechanism
Loading
Please register or sign in to comment