István Fajth created HDDS-7379:
----------------------------------

             Summary: Implement certificate owner driven certificate renewal
                 Key: HDDS-7379
                 URL: https://issues.apache.org/jira/browse/HDDS-7379
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: István Fajth
            Assignee: István Fajth


The main idea here is that every service already has the code to create a 
certificate signing request (CSR) and to send it to the SCM.
In order to renew a certificate, we need a scheduled background task that will 
do the creation of the new certificate, before the certificate expires.
This task has to be scheduled at startup based on the certificate's remaining 
lifetime, and run some time before the certificate expires.
Once the certificate is renewed, the service has to be notified so that it can 
initiate the hot swap of the certificates, and once the swap of certificates is 
done, the task itself has to get back a notification or the control to remove 
the old certificate material.



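The renewal flow described in this issue, as an added Java sketch that is not Ozone code and not part of the original message: the `CertRenewalTask` class, the `Owner` interface and its method names, and the `grace` and `retry` durations are all assumptions made for illustration.

```java
import java.security.cert.X509Certificate;
import java.time.*;
import java.util.concurrent.*;

/** Hypothetical sketch: none of these types are Ozone classes. */
public final class CertRenewalTask {
  /** Callbacks supplied by the service that owns the certificate (assumed names). */
  public interface Owner {
    X509Certificate current();
    X509Certificate renew() throws Exception;              // build a CSR, have the SCM sign it
    void hotSwap(X509Certificate fresh) throws Exception;  // returns once the swap is done
    void removeOld(X509Certificate old);                   // delete superseded cert material
  }

  private final ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
  private final Owner owner;
  private final Duration grace, retry;  // how long before expiry to renew; back-off on failure
  private final Clock clock;

  public CertRenewalTask(Owner owner, Duration grace, Duration retry, Clock clock) {
    this.owner = owner; this.grace = grace; this.retry = retry; this.clock = clock;
  }

  /** Delay until (notAfter - grace); zero if we are already inside the grace window. */
  static Duration delayUntilRenewal(Instant now, Instant notAfter, Duration grace) {
    Duration d = Duration.between(now, notAfter.minus(grace));
    return d.isNegative() ? Duration.ZERO : d;
  }

  /** Called once at service startup, scheduling from the remaining lifetime. */
  public void start() { scheduleFor(owner.current()); }

  private void scheduleFor(X509Certificate cert) {
    Duration d = delayUntilRenewal(clock.instant(), cert.getNotAfter().toInstant(), grace);
    executor.schedule(this::renewOnce, d.toMillis(), TimeUnit.MILLISECONDS);
  }

  private void renewOnce() {
    X509Certificate old = owner.current();
    try {
      X509Certificate fresh = owner.renew();
      owner.hotSwap(fresh);   // notify the service; control comes back after the swap
      owner.removeOld(old);   // old material is removed only after a successful swap
      scheduleFor(fresh);     // next renewal is driven by the new certificate's lifetime
    } catch (Exception e) {
      // Renewal or swap failed: the old certificate stays in place; try again after `retry`.
      executor.schedule(this::renewOnce, retry.toMillis(), TimeUnit.MILLISECONDS);
    }
  }
}
```

A certificate that is already inside the grace window at startup yields a zero delay, so renewal starts immediately rather than being scheduled in the past.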