[HDDS-7355] non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0
Component/s: SCM HA, Security
Labels:
- pull-request-available

Description

when converting a unsecure cluster to a secure one, we need to reinit the primordial SCM to generate the root ca and a sub ca to itself. then , we need to bootstrap the other two scm to get a signed cert and sub ca from primordial SCM.

current code has a bug in initializeSecurityIfNeeded which will lead the bootstrapped scm to get a self signed cert from itself, not the root signed cert from primordial SCM.

Attachments

Issue Links

links to

GitHub Pull Request #3859

Activity

People

Assignee:: Jie Yao

Reporter:: Jie Yao

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Oct/22 07:07

Updated:: 19/Nov/22 07:29

Resolved:: 20/Oct/22 07:19