You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/01/04 16:39:00 UTC
[jira] [Commented] (AIRAVATA-3397) Letsencrypt signing certificate
changed
[ https://issues.apache.org/jira/browse/AIRAVATA-3397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17258312#comment-17258312 ]
Marcus Christie commented on AIRAVATA-3397:
-------------------------------------------
Since the client_truststore.jks is only used in Airavata to verify connections to Keycloak and since we don't need to import a certificate if we are using Letsencrypt (client_truststore.jks is only really needed for self-signed certificates), I'm going to explore making the client_truststore.jks optional. For deployments where we have Keycloak using a Letsencrypt certificate, we should be able to configure those to just not use a client_truststore.
> Letsencrypt signing certificate changed
> ---------------------------------------
>
> Key: AIRAVATA-3397
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3397
> Project: Airavata
> Issue Type: Bug
> Components: Security
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> The Letsencrypt signing certificate we had imported into client_truststore.jks is no longer working since the signing certificate Letsencrypt uses has changed:
> - https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html
--
This message was sent by Atlassian Jira
(v8.3.4#803005)