[
https://issues.apache.org/jira/browse/SLIDER-585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14198438#comment-14198438
]
Jonathan Maron commented on SLIDER-585:
---------------------------------------
So I imagine the requirements here:
- indicate the need for a certificate for a given role/component
- an algorithm for the generation of the CN (could be "CN=<container ID>,
OU=<Hostname>")
- a standard location/keystore name for seeding certificates (e.g.
${AGENT_WORK_DIR}/certs/appkeystore.jks), or do we need to allow the naming of
this file?
- if the certs are leveraged by Java/JSSE processes, the generated keystores
will need to be designated as truststores (client or master) or keystores
(master), they'll need passwords (standard or randomly generated and shared via
CredentialProvider API), etc
- Others?
Some assumptions:
- Application components have pre-existing mechanisms for leveraging
keystores/truststore (e.g. javax.net.ssl system properties, SSL socket factory
and hostname verifier creation and utilization by HTTP connections, etc).
- others?
> Localize SSL certs for apps
> ---------------------------
>
> Key: SLIDER-585
> URL: https://issues.apache.org/jira/browse/SLIDER-585
> Project: Slider
> Issue Type: Improvement
> Components: security
> Reporter: Billie Rinaldi
> Assignee: Jonathan Maron
> Fix For: Slider 2.0.0
>
>
> See discussion on SLIDER-580.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
