Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2022/10/21 23:40:00 UTC
[jira] [Created] (HDDS-7379) Implement certificate owner driven certificate renewal
István Fajth created HDDS-7379:
----------------------------------
Summary: Implement certificate owner driven certificate renewal
Key: HDDS-7379
URL: https://issues.apache.org/jira/browse/HDDS-7379
Project: Apache Ozone
Issue Type: Sub-task
Reporter: István Fajth
Assignee: István Fajth
The main idea here is that every service already has the code to create a certificate signing request (CSR) and to send it to the SCM.
In order to renew a certificate, we need a scheduled background task that will do the creation of the new certificate before the certificate expires.
This task has to be scheduled at startup based on the certificate's remaining lifetime, and run some time before the certificate expires.
Once the certificate is renewed, the service has to be notified so that it can initiate the hot swap of the certificates, and once the swap of certificates is done, the task itself has to get back a notification or the control to remove the old certificate material.
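The flow described in the issue (schedule from remaining lifetime, renew, notify the service for the hot swap, then remove the old material) can be sketched as follows. This is an added example, not code from the issue or from Apache Ozone; the class, the `Cert` stand-in, the callback names and the grace and retry periods are all hypothetical, and the lifetimes are shortened so the demo finishes in a few seconds.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.*;
import java.util.function.*;

// Added sketch: every name here is hypothetical, none is an Ozone class.
public class RenewalDemo {
  // Stand-in for an X.509 certificate; only serial and notAfter matter here.
  record Cert(String serial, Instant notAfter) {}
  final ScheduledExecutorService pool = Executors.newSingleThreadScheduledExecutor();
  final Duration grace = Duration.ofSeconds(2), retry = Duration.ofSeconds(1);
  UnaryOperator<Cert> renew;          // build CSR, send it to the CA (the SCM), return signed cert
  Consumer<Cert> hotSwap, removeOld;  // service-side swap; cleanup of old material

  // Time to wait so the task runs `grace` before expiry; zero if already due.
  static Duration delayUntilRenewal(Cert c, Duration grace, Instant now) {
    Duration d = Duration.between(now, c.notAfter().minus(grace));
    return d.isNegative() ? Duration.ZERO : d;
  }

  void start(Cert current) {  // called at service startup and after each renewal
    runAfter(delayUntilRenewal(current, grace, Instant.now()), current);
  }

  private void runAfter(Duration delay, Cert current) {
    pool.schedule(() -> {
      Cert fresh;
      try {
        fresh = renew.apply(current);
        hotSwap.accept(fresh);         // returns only once the swap is complete
      } catch (RuntimeException e) {   // old cert stays in use; try again soon
        runAfter(retry, current);
        return;
      }
      // Old material goes only after a confirmed swap; rescheduling happens either way.
      try { removeOld.accept(current); } finally { start(fresh); }
    }, delay.toMillis(), TimeUnit.MILLISECONDS);
  }

  public static void main(String[] args) throws Exception {
    RenewalDemo d = new RenewalDemo();
    int[] n = {1};  // constructed serial counter
    d.renew = old -> new Cert("cert-" + ++n[0], Instant.now().plusSeconds(3));
    d.hotSwap = c -> System.out.println("swapped to " + c.serial());
    d.removeOld = c -> System.out.println("removed " + c.serial());
    d.start(new Cert("cert-1", Instant.now().plusSeconds(3)));  // constructed sample
    Thread.sleep(4500);
    d.pool.shutdownNow();
  }
}
```

A failed renewal or swap leaves the current certificate in place and retries after the short `retry` interval, so the old key material is never deleted before the service has confirmed the swap.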