we are using the consul helm chart to deploy consul on k8s and we have
enableAutoEncrypt set to
true. This means consul clients automatically get a certificate from the server but how does this process actually look like in terms of security. Does the consul client create a certificate signing request (CSR) and the server sends back a signed certificate? Also how is it ensured that only consul clients can get a certificate from the server?
I am sure this is somewhere mentioned in the documentation but I was not able to find details on the certificate distribution process.