You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@slider.apache.org by "Jonathan Maron (JIRA)" <ji...@apache.org> on 2014/11/05 15:40:33 UTC

[jira] [Commented] (SLIDER-585) Localize SSL certs for apps

    [ https://issues.apache.org/jira/browse/SLIDER-585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14198438#comment-14198438 ] 

Jonathan Maron commented on SLIDER-585:
---------------------------------------

So I imagine the requirements here:

  - indicate the need for a certificate for a given role/component
  - an algorithm for the generation of the CN (could be "CN=<container ID>, OU=<Hostname>")
  - a standard location/keystore name for seeding certificates (e.g. ${AGENT_WORK_DIR}/certs/appkeystore.jks), or do we need to allow the naming of this file?
  - if the certs are leveraged by Java/JSSE processes, the generated keystores will need to be designated as truststores (client or master) or keystores (master), they'll need passwords (standard or randomly generated and shared via CredentialProvider API), etc
 - Others?

Some assumptions:
  - Application components have pre-existing mechanisms for leveraging keystores/truststore (e.g. javax.net.ssl system properties, SSL socket factory and hostname verifier creation and utilization by HTTP connections, etc).
 - others?


> Localize SSL certs for apps
> ---------------------------
>
>                 Key: SLIDER-585
>                 URL: https://issues.apache.org/jira/browse/SLIDER-585
>             Project: Slider
>          Issue Type: Improvement
>          Components: security
>            Reporter: Billie Rinaldi
>            Assignee: Jonathan Maron
>             Fix For: Slider 2.0.0
>
>
> See discussion on SLIDER-580.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)