Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-6625

Improve CA cert rotation

XMLWordPrintable

    • Improve CA cert rotation
    • False
    • Hide

      None

      Show
      None
    • False
    • OSPRH-4567TLSe improvements
    • Not Selected
    • Proposed
    • Proposed
    • To Do
    • OSPRH-4567 - TLSe improvements
    • Proposed
    • Proposed

      Most of the services use the CA bundle to validate certificates, but there are some service, e.g. qemu and ovn which have a dedicated CA and the services (libvirt,qemu) one use the specific CA certificate for validation to not allow connections with client certs from other CAs.

      During CA cert rotation the old, and the new CA cert is valid. Those services would required a special use case bundle to be able to trust the old and the new CA (at least for some time).

            Unassigned Unassigned
            rhn-support-mschuppe Martin Schuppert
            rhos-dfg-ospk8s
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: