RHEL-96215

Support for multiple server certificates in pcsd


    • Story
    • Resolution: Unresolved
    • Minor
    • pcs
    • Low
    • rhel-ha

      Description:

      pcsd needs to be able to utilize multiple certificate/key pairs simultaneously. This is a foundational requirement to enable a smooth transition to Post-Quantum Cryptography (PQC), allowing clients to negotiate either classic or PQC certificate chains based on their capabilities and preferences.

      Goals:

      • Enable pcsd to serve multiple distinct certificate/key pairs.
      • Provide CLI commands within PCS to manage multiple certificate/key pairs.
        • Such commands add a lot of complexity while bringing little benefit. Based on the analysis done in RHELHA-262, it was decided not to extend the CLI commands for certificate management.

      Out of Scope (for this ticket, unless explicitly decided to include):

      Automatic PQC Certificate Generation at PCSD Startup: While a clear future requirement for a smooth transition, the implementation of PCSD automatically generating a PQC certificate at startup is not part of this ticket's scope and should be addressed in a separate, follow-up ticket. This ticket focuses on the ability to use multiple certificates, not necessarily their automatic generation.

              tojeline@redhat.com Tomas Jelinek
              omular1@redhat.com Ondrej Mular
              Tomas Jelinek
              Cluster QE