[ 
https://issues.apache.org/jira/browse/HDDS-8592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Szabolcs Gál updated HDDS-8592:
-------------------------------
    Description: 
There are a few steps needed before the final piece of root CA rotation can be 
fully implemented on the client side.
DefaultCertificateClient needs the CertificateLifeTime monitor to be updated to 
be able to run when root CA rotation is scheduled, not just when regular 
certificate rotation is in progress.
SignAndStoreCertificate currently is scattered across 3-4 different places, 
whereas a central location would fully suffice, and it also needs to be updated 
to use the new protocol to get the root CAs from the SCM.

  was: During the process of root CA certificate rotation, once the clients 
acquire the new root CA certificate, they need to be able to add this new root 
CA to their own TrustManagers.


> Prepare DefaultCertificateClient for Root CA Rotation
> -----------------------------------------------------
>
>                 Key: HDDS-8592
>                 URL: https://issues.apache.org/jira/browse/HDDS-8592
>             Project: Apache Ozone
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Szabolcs Gál
>            Priority: Major
>              Labels: pki
>
> There are a few steps needed before the final piece of root CA rotation can 
> be fully implemented on the client side.
> DefaultCertificateClient needs the CertificateLifeTime monitor to be updated 
> to be able to run when root CA rotation is scheduled, not just when regular 
> certificate rotation is in progress.
> SignAndStoreCertificate currently is scattered across 3-4 different places, 
> whereas a central location would fully suffice, and it also needs to be 
> updated to use the new protocol to get the root CAs from the SCM.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
