You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2023/05/10 13:45:00 UTC

[jira] [Resolved] (HDDS-7332) Automatic certificate rotation before certificate expiration

     [ https://issues.apache.org/jira/browse/HDDS-7332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth resolved HDDS-7332.
--------------------------------
    Fix Version/s: 1.4.0
       Resolution: Fixed

> Automatic certificate rotation before certificate expiration
> ------------------------------------------------------------
>
>                 Key: HDDS-7332
>                 URL: https://issues.apache.org/jira/browse/HDDS-7332
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: Security
>            Reporter: István Fajth
>            Assignee: István Fajth
>            Priority: Major
>              Labels: certificate_rotation, pki
>             Fix For: 1.4.0
>
>
> As per the doc in HDDS-7331, the goals here are:
> - implement a certificate owner driven certificate renewal before expiration in services
> - implement certificate hotswap without service disruption
> - introduce multiple certificates for different uses in services, separate these concerns on the certificates level
> - start to include the whole trust chain in a certificate bundle, and use that instead of the sole certificate (with that allow us to have an arbitrary number of entities in the trust chain that we don't need to pre-distribute to truststores.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org