Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Our current code contains parts of the implementation that was driven by the design doc in HDDS-2731. In the documentation in HDDS-7331 it is discussed why an other approach is more beneficial for us.
The goals here are based on the new proposed approach:
- create CRL distribution endpoint in SCMs
- add cRLDistributionPoints property to our internal certificates
- internalize the revocation logic inside SCMs
- add CLI for certificate revocation
- integrate certificate revocation check based on the CRL distribution points where needed
- handle renewal, revoke and remove old certificate
Attachments
Issue Links
- blocks
-
HDDS-7331 Ozone PKI improvements
- Open
- is duplicated by
-
HDDS-105 SCM CA: Handle CRL
- Resolved
- relates to
-
HDDS-10889 Remove certificate revocation related code.
- Resolved