Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-7391 Phase I - Automated live rotation of CA certificates in a cluster with established trust
  3. HDDS-8592

Fetch and save all root certificates during service's certificate rotation

    XMLWordPrintableJSON

Details

    Description

      There are a few steps needed before the final piece of root CA rotation can be fully implemented on client side.
      DefaultCertificateClient needs the CertificateLifeTime monitor to be updated to be able to run when root ca rotation is scheduled not just when regular certificate rotation is in progress.
      SignAndStoreCertificate currently is scattered across 3-4 different places, whereas a central location would fully suffice, and it also needs to be updated to use the new protocol to get the root CAs from the SCM.

      Attachments

        Activity

          People

            sgal Szabolcs Gál
            sgal Szabolcs Gál
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: