Uploaded image for project: 'OpenShift Windows Containers'
  1. OpenShift Windows Containers
  2. WINC-1090

Import custom CA certificates into Windows node system store

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • WMCO 9.0.0
    • None
    • wmco
    • Strategic Product Work
    • 5
    • False
    • None
    • False
    • OCPSTRAT-292 - Support cluster-wide proxy on Windows Containers
    • WINC - Sprint 241

      This story covers updating the local trust store of all Windows instances with the certs present in the trusted-ca ConfigMap. All certs that are not already present have to be imported and services must be able to load in the new certs (instance reboot required).
       

      Engineering Details

      WICD will do the cert imports, reading from the trust bundle file created by WMCO on each instance. WICD should compare the existing system certs with the expected ones in the trust bundle, and only initiate an instance reboot if it updated the cert config.

      Acceptance Criteria

      • Windows nodes are configured to import user-provided CA certs
      • When proxy certificates are changed/rotated, the system cert store on each Windows nodes' is updated to hold each cert listed in the new trusted bundle

              mohashai Mohammad Shaikh
              mohashai Mohammad Shaikh
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: