Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-7332 Automatic certificate rotation before certificate expiration
  3. HDDS-7378

Ensure certificate hierarchy is set up properly

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • Security

    Description

      During initialization, and later on we need to maintain a proper hierarchy for the certificates as described in the proposal document.
      Every certificate has to have the following trust chain:
      rootCA cert-> n number of subordinate CA certs -> service certificate.
      Where any subordinate CA cert the following is true:
      1 < i <= n -> sCA[i-1] is the signed of sCA[i] and
      sCA[1] is signed by the rootCA

      This hierarchy has to be kept internally so that we can use it to provide certificate bundles that contains the whole trust chain from the signing CA instead of just the signed certificate.

      Attachments

        Issue Links

          is fixed by

          Sub-task - The sub-task of the issue HDDS-7379 Use certificate bundles instead of the sole certificate

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              sgal Szabolcs Gál
              pifta István Fajth
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: