You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Szabolcs Gál (Jira)" <ji...@apache.org> on 2023/01/09 15:58:00 UTC

[jira] [Assigned] (HDDS-7378) Ensure certificate hierarchy is set up properly

     [ https://issues.apache.org/jira/browse/HDDS-7378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Szabolcs Gál reassigned HDDS-7378:
----------------------------------

    Assignee: Szabolcs Gál  (was: István Fajth)

> Ensure certificate hierarchy is set up properly
> -----------------------------------------------
>
>                 Key: HDDS-7378
>                 URL: https://issues.apache.org/jira/browse/HDDS-7378
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: Security
>            Reporter: István Fajth
>            Assignee: Szabolcs Gál
>            Priority: Major
>              Labels: pki
>
> During initialization, and later on we need to maintain a proper hierarchy for the certificates as described in the proposal document.
> Every certificate has to have the following trust chain:
> rootCA cert-> n number of subordinate CA certs -> service certificate.
> Where any subordinate CA cert the following is true:
> 1 < i <= n -> sCA[i-1] is the signed of sCA[i] and
> sCA[1] is signed by the rootCA
> This hierarchy has to be kept internally so that we can use it to provide certificate bundles that contains the whole trust chain from the signing CA instead of just the signed certificate.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org