I have two servers with a pair of RSA public and private keys.
We do not use a CA for the internal communication yet and therefore we need to exchange keys without CA.
I need to establish a trust between two servers: I need to copy a public key from the first server to the second server and the public key from the second server to the first server.
Note that it is not Diffie–Hellman key exchange (that is explained very well in "Diffie-Hellman Key Exchange" in plain English).
The simplest way is just to manually copy the public keys from one server to another.
An additional option is to use the following homegrown flow:
- Generate a one-time token on the first server
- Copy the token manually to the second server
- The first server accesses the second server via an API. Use the token for the API authentication. The API implementation exchanges public keys between servers.
Any suggestions to improve the flow?
Do we have some best-practice flow, since homegrown flows are usually bad for security?
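A sketch of the three-step token flow from the question, added here as an illustration and not code from the asker. It models the two servers in-process (the API call is a plain method call), treats public keys as opaque strings, and adds the checks a reviewer would look for in such a flow: a CSPRNG token, a short lifetime, single use, constant-time comparison, and no key disclosed on a failed token; the token's manual copy remains the trust root, so the fingerprints should still be confirmed out of band afterwards.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed example: public keys are opaque strings here; in practice PEM blobs.


@dataclass
class Server:
    name: str
    public_key: str
    peers: Dict[str, str] = field(default_factory=dict)        # peer name -> public key
    expected: Dict[str, float] = field(default_factory=dict)   # token -> expiry (monotonic)

    @staticmethod
    def issue_token() -> str:
        """Step 1 (first server): generate a one-time token from a CSPRNG."""
        return secrets.token_urlsafe(32)

    def register_token(self, token: str, ttl_seconds: int = 300) -> None:
        """Step 2 (second server): the admin pastes the token in; it gets a short lifetime."""
        self.expected[token] = time.monotonic() + ttl_seconds

    def _consume_token(self, presented: str) -> bool:
        """Accept a token at most once and only before expiry; compare in constant time."""
        for token, expiry in list(self.expected.items()):
            if hmac.compare_digest(token.encode(), presented.encode()):
                del self.expected[token]           # single use, even when already expired
                return time.monotonic() < expiry
        return False

    def api_exchange(self, presented: str, peer: str, peer_key: str) -> Optional[str]:
        """Step 3 (second server's API): authenticate by token, store the caller's key
        and hand back our own key. Anything else is rejected with no key disclosed."""
        if not self._consume_token(presented):
            return None
        self.peers[peer] = peer_key
        return self.public_key


def bootstrap_trust(first: Server, second: Server, token: str) -> bool:
    """Step 3 (first server): call the peer's API with the token and keep its key."""
    second_key = second.api_exchange(token, first.name, first.public_key)
    if second_key is None:
        return False
    first.peers[second.name] = second_key
    return True
```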