You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/12/05 11:07:35 UTC

[jira] [Commented] (CLOUDSTACK-5296) Add certificate chain support for NS

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839989#comment-13839989 ] 

ASF subversion and git services commented on CLOUDSTACK-5296:
-------------------------------------------------------------

Commit ee7380ace2014f8839417fd79e0a52cf9a0f02cd in branch refs/heads/master from [~sahmed]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=ee7380a ]

CLOUDSTACK-5296: Add certificate chain support for netscaler

This patch adds support for trust chains in the netscaler.

I initially planned on using the 10.1 API's "bundle" feature but during
my testing I found that was not working. So I am doing the chain linking
myself. Also NS can have only one entity of a certificate ie lets say
two different users try to add the same certificate on the netscaler
only one of them will go through. The other one says resouce already
exists even though they have different files.

This can be a problem in trust chains where the chain can be shared
between multiple accounts/certificates. So, I am using the figerprint as
an identifier of a certificate and making sure that we delete it only
when no one references it.


> Add certificate chain support for NS
> ------------------------------------
>
>                 Key: CLOUDSTACK-5296
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5296
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Devices
>    Affects Versions: 4.3.0
>            Reporter: Syed Ahmed
>             Fix For: 4.3.0
>
>
> Right now the SSL termination functionality for Netscaler does not support trust chains. 
> In netscaler if you have two certificates sharing the same trust chain, you cannot create two different entities for intermediate chains. ie no certificate can be same. 
> This should be taken care while deleting the certs too. As the chain in one may be shared by the other. 



--
This message was sent by Atlassian JIRA
(v6.1#6144)