The BladeLogicAdministration.pdf guide documents this in the "Default Permissions and Security Configuration" section. Here's a snippet:
When you install BladeLogic on clients and servers, the following permissions and security
configurations are set by default for each RSCD agent:
• All clients are granted read/write access to all servers.
• All clients and servers are set to communicate using protocol 5, a BladeLogic protocol
for secure communication based on Transport Layer Security (TLS), the successor to
Secure Socket Layer (SSL). With protocol 5, TLS automatically negotiates the strongest
form of encryption that clients and servers can support.
The TLS Certs come as part of the agent and server install, correct?