[
https://issues.apache.org/jira/browse/HDDS-7334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth resolved HDDS-7334.
--------------------------------
Resolution: Invalid
After changing the structure of the tickets this became obsolete, closing.
> Rotation and revocation for CA certificates
> -------------------------------------------
>
> Key: HDDS-7334
> URL: https://issues.apache.org/jira/browse/HDDS-7334
> Project: Apache Ozone
> Issue Type: Improvement
> Components: Security
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
> Labels: certificate_CA_intergration, pki
>
> Once we have support for certificate revocation, and renewal, we need to also
> support revoking and renewal of CA certificates at any level.
> In order to achieve this, we need to:
> - implement rotation logic for subordinate CA certificates
> - implement rotation of the root CA certificate (tricky, as there will be
> periods of time during which more than one root CA is valid)
> - implement revocation logic for CA certificates; this requires revoking all
> certificates that are inheriting trust from this CA
> - implement root CA revocation, which effectively means a possibly live
> rebootstrap of the whole PKI, and the update of all the truststores used
> within Ozone services