[
https://issues.apache.org/jira/browse/HDDS-7378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth resolved HDDS-7378.
--------------------------------
Resolution: Fixed
> Ensure certificate hierarchy is set up properly
> -----------------------------------------------
>
> Key: HDDS-7378
> URL: https://issues.apache.org/jira/browse/HDDS-7378
> Project: Apache Ozone
> Issue Type: Improvement
> Components: Security
> Reporter: István Fajth
> Assignee: Szabolcs Gál
> Priority: Major
> Labels: pki
>
> During initialization, and later on we need to maintain a proper hierarchy
> for the certificates as described in the proposal document.
> Every certificate has to have the following trust chain:
> rootCA cert-> n number of subordinate CA certs -> service certificate.
> Where any subordinate CA cert the following is true:
> 1 < i <= n -> sCA[i-1] is the signed of sCA[i] and
> sCA[1] is signed by the rootCA
> This hierarchy has to be kept internally so that we can use it to provide
> certificate bundles that contains the whole trust chain from the signing CA
> instead of just the signed certificate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
