Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-6030

Support for External Root CA

    XMLWordPrintableJSON

Details

    Description

      Currently, Ozone brings its own CA and intermediate CAs through SCM instances when security is enabled and doesn't support deployments with an existing Root CA. Oftentimes enterprise customers have their own root CA and intermediate CAs set up and configured to sign the certificates within their organization.

      This jira can be used to track this feature of supporting external Root CA in Ozone. This feature might require changes or updates to the security bootstrap flow of all the components. And, hence the feature can be tracked in a separate branch.

      More details are added to the design doc attached.
      External root CA support - Design Doc v1.pdf

      Attachments

        1. External root CA support - Design Doc v1.pdf
          143 kB
          Vivek Ratnavel Subramanian

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HDDS-7331 Ozone PKI improvements

          • Major - Major loss of function.
          • Open
          supercedes

          Improvement - An improvement or enhancement to an existing feature or task. HDDS-2731 Certificate Revocation Support for Ozone CA

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #2962

          Activity

            People

              vivekratnavel Vivek Ratnavel Subramanian
              vivekratnavel Vivek Ratnavel Subramanian
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: