kapouik
commented
6 years ago Be carreful : Many OCS server use self signed certificat (and it's a really good way to use it).
To ensure the security correctly, the agent must know the public key of the server's certificat and the field CN must be the same as the URL call by the agent. With this two validations, you can be sure that the server is the good one.
Currently it does not verify if the SSL certificate of the server is valid. It should do that, and provide an option to ignore invalid/self signed certificates.