Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2022/10/21 23:40:00 UTC

[jira] [Created] (HDDS-7379) Implement certificate owner driven certificate renewal

István Fajth created HDDS-7379:
----------------------------------

             Summary: Implement certificate owner driven certificate renewal
                 Key: HDDS-7379
                 URL: https://issues.apache.org/jira/browse/HDDS-7379
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: István Fajth
            Assignee: István Fajth


The main idea here is that every service has the code already to create a certificate signing request (CSR) and to send it to the SCM.
In order to renew a certificate, we need a scheduled background task that will do the creation of the new certificate, before the certificate expires.
This task has to be scheduled at startup based on the certificate's remaining lifetime, and run some time before the certificate expires.
Once the certificate is renewed, the service has to be notified so that it can initiate the hot swap of the certificates, and once the swap of certificates is done, the task itself has to get back a notification or the control to remove the old certificate material.



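The renewal flow described in the issue above, sketched as an added Java example (not code from the Ozone project or from the issue author). The class name, the grace and retry durations, and the three callbacks are hypothetical stand-ins for the CSR creation and SCM signing call, the service's hot swap, and the removal of the old certificate material.

```java
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import java.util.function.Supplier;

/** Illustrative only: every name here is hypothetical, not an Ozone class. */
public final class CertRenewalTask {
  private final ScheduledExecutorService executor =
      Executors.newSingleThreadScheduledExecutor();
  private final Duration grace;                      // renew this long before expiry
  private final Duration retry;                      // back-off after a failed attempt
  private final Supplier<X509Certificate> renew;     // create CSR, send to CA, return new cert
  private final Consumer<X509Certificate> hotSwap;   // service swaps certs, returns when done
  private final Consumer<X509Certificate> removeOld; // delete the old certificate material

  public CertRenewalTask(Duration grace, Duration retry, Supplier<X509Certificate> renew,
      Consumer<X509Certificate> hotSwap, Consumer<X509Certificate> removeOld) {
    this.grace = grace; this.retry = retry; this.renew = renew;
    this.hotSwap = hotSwap; this.removeOld = removeOld;
  }

  /** Delay until renewal; zero when already inside the grace window or expired. */
  static Duration delayUntilRenewal(Instant now, Instant notAfter, Duration grace) {
    Duration d = Duration.between(now, notAfter.minus(grace));
    return d.isNegative() ? Duration.ZERO : d;
  }

  /** Called at startup with the certificate currently in use. */
  public void schedule(X509Certificate current) {
    Duration delay = delayUntilRenewal(Instant.now(), current.getNotAfter().toInstant(), grace);
    executor.schedule(() -> renewAndSwap(current), delay.toMillis(), TimeUnit.MILLISECONDS);
  }

  private void renewAndSwap(X509Certificate old) {
    try {
      X509Certificate fresh = renew.get();
      fresh.checkValidity();   // never swap in a certificate that is not valid right now
      hotSwap.accept(fresh);   // the service is notified and performs the swap
      removeOld.accept(old);   // control is back: only now drop the old material
      schedule(fresh);         // next renewal is driven by the new certificate's lifetime
    } catch (Exception e) {
      // Any step failed: retry the whole sequence later (steps must be safe to repeat).
      executor.schedule(() -> renewAndSwap(old), retry.toMillis(), TimeUnit.MILLISECONDS);
    }
  }
}
```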