Szabolcs Gál created HDDS-8590:
----------------------------------
Summary: Implement a protocol call to get the rootCA from SCM
Key: HDDS-8590
URL: https://issues.apache.org/jira/browse/HDDS-8590
Project: Apache Ozone
Issue Type: Sub-task
Components: Security
Reporter: Szabolcs Gál
Right now on client side (OM/Datanode/Recon) it's only possible to get the root
CA certificate during startup/init phase. When the root CA certificate is
rotated it's necessary to provide some form of protocol/communication channel
where the clients can get the new root CA certificate on demand.
This might also include rethinking the protocols regarding CAs in general
because currently the system doesn't distinguish between root and sub CAs and
might provide root CAs when asking for only sub CAs. There might be other bugs
as well.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
