  1. Apache Ozone
  2. HDDS-7333

Implement support for certificate revocation

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Security

    Description

      Our current code contains parts of the implementation that was driven by the design doc in HDDS-2731. In the documentation in HDDS-7331 it is discussed why another approach is more beneficial for us.
      The goals here are based on the new proposed approach:

      • create CRL distribution endpoint in SCMs
      • add cRLDistributionPoints property to our internal certificates
      • internalize the revocation logic inside SCMs
      • add CLI for certificate revocation
      • integrate certificate revocation check based on the CRL distribution points where needed
      • handle renewal, revoke and remove old certificate

            People

              pifta István Fajth