[HDDS-8592] Fetch and save all root certificates during service's certificate rotation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.0
Component/s: Security
Labels:
- pki
- pull-request-available

Description

There are a few steps needed before the final piece of root CA rotation can be fully implemented on client side.
DefaultCertificateClient needs the CertificateLifeTime monitor to be updated to be able to run when root ca rotation is scheduled not just when regular certificate rotation is in progress.
SignAndStoreCertificate currently is scattered across 3-4 different places, whereas a central location would fully suffice, and it also needs to be updated to use the new protocol to get the root CAs from the SCM.

Attachments

Issue Links

links to

GitHub Pull Request #5000

GitHub Pull Request #5025

Activity

People

Assignee:: Szabolcs Gál

Reporter:: Szabolcs Gál

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/May/23 12:43

Updated:: 06/Jul/23 15:58

Resolved:: 06/Jul/23 15:58