Loading...

Change Owns to Parent Ofs

Set start and due date...

Xporter

XML

Word

Printable

ARTs:

Services
Benefit hypothesis:

Hide

There are a number of internally hosted services that require TLS/mTLS encryption and verification. The leading example is Elasticsearch, which is hosted in multiple locations and requires TLS and mTLS for internal transport layer and client HTTP.

Currently, this is handled with a privately managed self-signed CA, but this is becoming increasingly problematic because it requires CaCert distribution to the increasing number of clients - applications and users.

This could be resolved with a delegated CA, that has been signed by publicly recognised CA, so that the certificate chain is already widely known/distributed.

Show
There are a number of internally hosted services that require TLS/mTLS encryption and verification. The leading example is Elasticsearch, which is hosted in multiple locations and requires TLS and mTLS for internal transport layer and client HTTP. Currently, this is handled with a privately managed self-signed CA, but this is becoming increasingly problematic because it requires CaCert distribution to the increasing number of clients - applications and users. This could be resolved with a delegated CA, that has been signed by publicly recognised CA, so that the certificate chain is already widely known/distributed.
Epic Link:
Computing Services API
Story Point Burn-up:
Overdue:

Provide a delegated CA, that has been signed by publicly recognised CA, so that the certificate chain is already widely known/distributed.

Story Point Burn-up: (0%)

Feature Estimate: 0.0

Publicly verifiable Certificate Authority for internally hosted services