[HDDS-7400] Extend configurability of the internal PKI system - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
- pki

Description

In order to conform with an organisation's internal security regulations, we need to ensure that the relevant parts of our PKI system is configurable.
The key items to make sure are configurable for the first sight (default values are in parenthesis):

key length for certificates (2048 bit)
key length for CA certificates (2048 bit)
key algo (SHA256withRSA)
certificate lifetime (365 days)
CA certificate lifetime (1865 days)
revocation window (proposed: 4 hours)

The list is certainly not full, and should/can be extended as new things are identified.

Attachments

Activity

People

Assignee:: István Fajth

Reporter:: István Fajth

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Oct/22 13:06

Updated:: 10/May/23 13:52