You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/01/04 16:39:00 UTC

[jira] [Commented] (AIRAVATA-3397) Letsencrypt signing certificate changed

    [ https://issues.apache.org/jira/browse/AIRAVATA-3397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17258312#comment-17258312 ] 

Marcus Christie commented on AIRAVATA-3397:
-------------------------------------------

Since the client_truststore.jks is only used in Airavata to verify connections to Keycloak and since we don't need to import a certificate if we are using Letsencrypt (client_truststore.jks is only really needed for self-signed certificates), I'm going to explore making the client_truststore.jks optional. For deployments where we have Keycloak using a Letsencrypt certificate, we should be able to configure those to just not use a client_truststore.

> Letsencrypt signing certificate changed
> ---------------------------------------
>
>                 Key: AIRAVATA-3397
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3397
>             Project: Airavata
>          Issue Type: Bug
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> The Letsencrypt signing certificate we had imported into client_truststore.jks is no longer working since the signing certificate Letsencrypt uses has changed:
> - https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)