You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2023/02/17 00:53:00 UTC

[jira] [Resolved] (HDDS-7379) Use certificate bundles instead of the sole certificate

     [ https://issues.apache.org/jira/browse/HDDS-7379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth resolved HDDS-7379.
--------------------------------
    Fix Version/s: 1.4.0
       Resolution: Fixed

> Use certificate bundles instead of the sole certificate
> -------------------------------------------------------
>
>                 Key: HDDS-7379
>                 URL: https://issues.apache.org/jira/browse/HDDS-7379
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: Security
>            Reporter: István Fajth
>            Assignee: Szabolcs Gál
>            Priority: Major
>              Labels: pki, pull-request-available
>             Fix For: 1.4.0
>
>
> In the server side, currently we serve just the certificate of the entity itself for proving authenticity of the server side.
> In order to simplify the trust store, and ensure that the RootCA certificate is enough to be distributed for every potential client, we can provide the trust chain of the server certificates in a certificate bundle to the connecting clients.
> This task is about to ensure that once an intermediate CA signs a certificate, it provides it whole trust chain up until the RootCA in the certificate file that is sent back to the certificate owner after signing it CSR.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org