You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2023/05/10 13:31:00 UTC

[jira] [Resolved] (HDDS-7377) Implement certificate hotswap at renewal

     [ https://issues.apache.org/jira/browse/HDDS-7377?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth resolved HDDS-7377.
--------------------------------
    Resolution: Invalid

Changing the relation of the tickets under PKI improvements made this one not needed anymore. Everything that it has tracked, now tracked under HDDS-7332.

> Implement certificate hotswap at renewal
> ----------------------------------------
>
>                 Key: HDDS-7377
>                 URL: https://issues.apache.org/jira/browse/HDDS-7377
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: Security
>            Reporter: István Fajth
>            Assignee: Sammi Chen
>            Priority: Major
>              Labels: pki
>
> Once a certificate is renewed by a service, Ozone services should start to use it for new connections right away, while the already established connections also has to refresh their context so that if for whatever reason it is necessary to use the certificate and the keypair again, the established connections use the new certificate material after the point when the new certificate is signed and valid.
> As a basic idea, we can either use this solution, or a similar one that fits our internal needs:
> https://github.com/Hakky54/java-tutorials/tree/main/grpc-client-server-with-ssl/instant-server-ssl-reloading-with-grpc



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org