[
https://issues.apache.org/jira/browse/HDDS-7379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HDDS-7379:
---------------------------------
Labels: pki pull-request-available (was: pki)
> Use certificate bundles instead of the sole certificate
> -------------------------------------------------------
>
> Key: HDDS-7379
> URL: https://issues.apache.org/jira/browse/HDDS-7379
> Project: Apache Ozone
> Issue Type: Improvement
> Components: Security
> Reporter: István Fajth
> Assignee: Szabolcs Gál
> Priority: Major
> Labels: pki, pull-request-available
>
> In the server side, currently we serve just the certificate of the entity
> itself for proving authenticity of the server side.
> In order to simplify the trust store, and ensure that the RootCA certificate
> is enough to be distributed for every potential client, we can provide the
> trust chain of the server certificates in a certificate bundle to the
> connecting clients.
> This task is about to ensure that once an intermediate CA signs a
> certificate, it provides it whole trust chain up until the RootCA in the
> certificate file that is sent back to the certificate owner after signing it
> CSR.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
