Say I have a central server whose job it is to tell a load of my other servers what to do. These other servers are running API's listening for instructions from my central server.
How can I cryptographically guarantee, on my listening servers that a request originates from a central server?
The listening server must only be able to verify that the request originates from my central server, it must not be able to also sign or encrypt requests, only decrypt or verify the signature.
Anything on the listening server can be pre-distributed before the server is deployed.
What are my best options in this case? SSL Certificates, Public Key/Private Key, something else? How would I go implement it (high level explanation)