Description
During initialization, and later on we need to maintain a proper hierarchy for the certificates as described in the proposal document.
Every certificate has to have the following trust chain:
rootCA cert-> n number of subordinate CA certs -> service certificate.
Where any subordinate CA cert the following is true:
1 < i <= n -> sCA[i-1] is the signed of sCA[i] and
sCA[1] is signed by the rootCA
This hierarchy has to be kept internally so that we can use it to provide certificate bundles that contains the whole trust chain from the signing CA instead of just the signed certificate.
Attachments
Issue Links
- is fixed by
-
HDDS-7379 Use certificate bundles instead of the sole certificate
- Resolved