A source of mine writes:
There is a difference between these two types of connections (Web Server connections and Agent connections), and it would be best if they considered them independently within their security infrastructure.
Given that the connections between the SAS Deployment Agents are internal only connections, they can do whatever they want (set up certificates or not), however, I personally do not think it is a good practice to allow something like the SAS Deployment Agent to remain insecure. It’s basically an API that can execute anything you want on a remote machine. In general, we recommend that the Deployment Agent and the EV Agents be secured using our generated certificates regardless of what they intend to do with external network connections.
... View more