[
https://issues.apache.org/jira/browse/HDDS-8590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HDDS-8590:
---------------------------------
Labels: pki pull-request-available (was: pki)
> Implement a protocol call to get the rootCA from SCM
> ----------------------------------------------------
>
> Key: HDDS-8590
> URL: https://issues.apache.org/jira/browse/HDDS-8590
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: Security
> Reporter: Szabolcs Gál
> Assignee: Szabolcs Gál
> Priority: Major
> Labels: pki, pull-request-available
>
> Right now on client side (OM/Datanode/Recon) it's only possible to get the
> root CA certificate during startup/init phase. When the root CA certificate
> is rotated it's necessary to provide some form of protocol/communication
> channel where the clients can get the new root CA certificate on demand.
> This might also include rethinking the protocols regarding CAs in general
> because currently the system doesn't distinguish between root and sub CAs and
> might provide root CAs when asking for only sub CAs. There might be other
> bugs as well.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
