Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-7332 Automatic OM/DN/Recon certificate rotation before certificate expiration
  3. HDDS-7453

Check certificate expiration at service startup, renew if necessary

    XMLWordPrintableJSON

Details

    Description

      At service startup there is a possibility to ease the problem with the expiring internal SSL certificates.
      The idea here is to check the expiration date of the certificate during initialization, and remove the key and certificate material if the certificate is expired or is about to expire, then recreate and re-initialize the certificate client of the service, with that as there won't be certificate material there, it would re-create the keys and file a CSR to the SCM, and get a new certificate.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. HDDS-7084 Release Ozone 1.3.0

          • Major - Major loss of function.
          • Resolved
          relates to

          Sub-task - The sub-task of the issue HDDS-9066 Remove the renew logic added by HDDS-7453

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #3930

          Activity

            People

              pifta István Fajth
              pifta István Fajth
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: