Improvement: Enable secure SSL certificate and hostname verification for internal traffic

[weizhouapache]

The required feature described as a wish

For internal traffic, it is common practice that HTTPS/TLS is used, but:

• the TLS certificates are often self-signed, or issued by an internal CA (not a public one like Let’s Encrypt).
• Sometimes services just use the server’s IP address instead of a DNS name.

Disabling SSL certificate and hostname verification increases compatibility, allowing CloudStack to interoperate with a wide range of hypervisors, networking equipment, and storage devices. This behavior is intentional by design, to ensure broader support across diverse environments. For example,

• Connect to Vmware vCenter
• Connect to Xenserver
• Connect to some external storage or network devices

We could provide more flexibility and also stronger security, including but not limited to

• Allow users to bring their own SSL certificates
• Support host name (DNS) instead of host ip in SSL communication
• Add an option for enforce SSL certificate verification
• Add an option for enforce hostname verification

[github-actions]

This issue is stale because it has been open for 120 days with no activity. It may be removed by administrators of this project at any time. Remove the stale label or comment to request for removal of it to prevent this.