-
Story
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
Low
-
rhel-ha
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Description:
pcsd needs to be able to utilize multiple certificate/key pairs simultaneously. This is a foundational requirement to enable a smooth transition to Post-Quantum Cryptography (PQC), allowing clients to negotiate either classic or PQC certificate chains based on their capabilities and preferences.
Goals:
- Enable pcsd to serve multiple distinct certificate/key pairs.
Provide CLI commands within PCS to manage multiple certificate/key pairs.- Such commands add a lot of complexity while bringing little benefits. Based on analysis done in RHELHA-262, it was decided not to extend the CLI commands for certificate management.
Out of Scope (for this ticket, unless explicitly decided to include):
Automatic PQC Certificate Generation at PCSD Startup: While a clear future requirement for a smooth transition, the implementation of PCSD automatically generating a PQC certificate at startup is not part of this ticket's scope and should be addressed in a separate, follow-up ticket. This ticket focuses on the ability to use multiple certificates, not necessarily their automatic generation.