All authentication between components of the overall CommIT solution communicate with each other over protected channels secured and authenticated by X.509 certificates. These certificates are wild-card certificates issued to entire domains in order to limit hostname validation and use the certificate primarily as a public key.
Salt is used to propagate a JVM cacerts file that includes all certificates that need to be trusted. Future releases of the JVM will include modified cacerts, so these certificates should be re-imported and the new cacerts added to Salt and pushed to the machines.