CID Key Encryption
The CID Key communicates with the Stratusphere Hub and Collectors over SSL (TCP/443 with TLS 1.2), using the URI located within the mgrcert.pem file. All communications are signed using public/private key pairs generated by the CID Key and the Hub.

The CID Key generates a 2048-bit RSA public/private key pair and provides the public key to the Stratusphere Hub during registration. The Hub validates the CID Key on the newly registered machine based on host name and proceeds with the registration process by providing an X.509-based cert.txt file that contains settings for the CID Key within custom option fields. The CID Key receives the cert.txt file from the Hub and uses the Hub's public key within mgrcert.pem to verify that it came from the Hub. If it did, the CID Key begins using the new configuration settings within cert.txt.

From this point forward, the CID Key uses its private key to sign the payload it transmits to the Stratusphere Hub. The Hub uses the public key of the CID Key on that machine to validate that the payload came from that CID Key on that machine before proceeding. All of this communication takes place within an encrypted SSL connection on TCP/443 using TLS 1.2.
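
The signing in both directions can be sketched as follows. This is an added example, not Liquidware's code: it assumes RSA PKCS#1 v1.5 signatures over SHA-256 (the page does not name the scheme), signs raw bytes rather than an X.509-based cert.txt, and uses constructed sample data and hypothetical function names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKey generates the 2048-bit RSA key pair that each side holds.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// sign uses RSA PKCS#1 v1.5 over SHA-256 (assumed; the page names no scheme).
func sign(k *rsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// verify reports whether sig is valid for msg under the sender's public key.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// exchange runs both directions on constructed data; returns what is accepted.
func exchange() (cfgOK, payloadOK, tamperedOK, strangerOK bool) {
	hub, cid, stranger := newKey(), newKey(), newKey()
	// Hub key as read from mgrcert.pem; CID Key public key stored at registration.
	hubPub, registered := &hub.PublicKey, &cid.PublicKey
	cfg := []byte("interval=60") // constructed stand-in for cert.txt contents
	cfgOK = verify(hubPub, cfg, sign(hub, cfg))
	payload := []byte(`{"host":"vdi-01","cpu":12}`) // constructed payload
	sig := sign(cid, payload)
	payloadOK = verify(registered, payload, sig)
	tamperedOK = verify(registered, []byte(`{"host":"vdi-01","cpu":99}`), sig)
	strangerOK = verify(registered, payload, sign(stranger, payload))
	return
}

func main() { fmt.Println(exchange()) }
```

The last two results are false: a payload altered after signing, or one signed by a key other than the one registered for that machine, fails verification on the Hub side.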
