  1. Apache Ozone
  2. HDDS-7336 Improve PKI configurability
  3. HDDS-7399

Enable specifying an external rootCA certificate to be used internally


Details

    Description

      In certain organizations, the security requirements may disallow the use of any separate trust chain that is distinct from the organizational chain.
      In the case of Ozone, the internal trust chain is independent and transparent, but we would still like to conform to this requirement in the long run.

      To conform to such regulations, we need to make it possible to specify an external CA certificate instead of the self-signed one that we use as the root of all trust within Ozone.

      This feature comes with its own problems: if this certificate is specified as part of a configuration, it may change while the service is restarting.
      We can detect this change, as we should store our certificates in a way that lets us provide certificate bundles that include the root CA certificate, but we also need to handle it during startup.

      If a new root CA certificate is provided to the system at startup, that effectively means we need to revoke the current certificates and go through a procedure similar to the one we plan to have for revoking the internally generated rootCA certificate. The fundamental difference is that we have to do it at startup and cannot rely on the old certificate at all, as we cannot assume that the old rootCA certificate is not already revoked or expired at this point.
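
A sketch of the startup check described above, added here as an illustration and not taken from the Ozone code base. The function names, the leaf-first/root-last bundle order and the sample "certificates" (constructed byte strings standing in for DER, not real X.509) are assumptions.

```python
import base64
import hashlib
import re
from enum import Enum

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

class StartupAction(Enum):
    CONTINUE = "root unchanged, keep current certificates"
    ENROLL = "no stored bundle, first enrollment"
    REVOKE_AND_REENROLL = "root changed, old chain must not be trusted"

def der_fingerprints(pem_text):
    """SHA-256 of each certificate's decoded DER bytes, in file order.

    Hashing the DER rather than the PEM text keeps re-wrapped lines or
    CRLF line endings from looking like a root CA change.
    """
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem_text)]

def startup_action(configured_root_pem, stored_bundle_pem):
    configured = der_fingerprints(configured_root_pem)
    if len(configured) != 1:
        raise ValueError("expected exactly one configured root CA certificate")
    stored = der_fingerprints(stored_bundle_pem)
    if not stored:
        return StartupAction.ENROLL
    # Assumption: the stored bundle is ordered leaf first, root CA last.
    if stored[-1] == configured[0]:
        return StartupAction.CONTINUE
    # The old root may already be expired or revoked, so nothing signed
    # under it can be used to authorize the move to the new chain.
    return StartupAction.REVOKE_AND_REENROLL

def to_pem(der, width=64):
    """Wrap raw bytes in a PEM certificate envelope (sample data helper)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-ins for DER certificates; not real X.509 data.
OLD_ROOT_DER = b"constructed-old-internal-root-ca" * 4
OLD_ROOT = to_pem(OLD_ROOT_DER)
NEW_ROOT = to_pem(b"constructed-new-external-root-ca" * 4)
STORED_BUNDLE = to_pem(b"constructed-service-leaf-cert" * 4) + OLD_ROOT
```

A matching fingerprint only says the configured root is the one the stored bundle chains to; it does not replace validating the chain or checking expiry.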

          People

            sgal Szabolcs Gál
            pifta István Fajth