Application Authorization Framework / AAF-1084

Secure traffic between CertService and CertService's client


    • Type: Task
    • Resolution: Done
    • Priority: Medium
    • Frankfurt Release

      Goal: Make sure nobody will sniff sensitive data sent between CertService's client and CertService

       

      CoS:

      • Certificates for CertService's client and CertService created automatically:
        • OOM enhanced to create certs on the fly for CertService's client and CertService from the same self-signed CA (one layer is enough)
      • Created certificates and root CA should be stored in a place where they can be easily replaced when expired (e.g. K8s secrets)
      • CertService's client reconfigured to:
        • mount certificate and use it in REST API call (scheme - https://);
        • mount CA for server validation
      • CertService reconfigured to:
        • mount certificate
        • expose only HTTPS endpoint and use generated certificate and CA
        • require mutual TLS to authenticate client calls
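
The certificate layout these criteria describe, sketched with openssl as an added example (not taken from the ticket or from OOM): one self-signed root signs a server certificate restricted to serverAuth and a client certificate restricted to clientAuth, so neither can stand in for the other. Subject names, the SAN, lifetimes, file names and secret names are assumptions.

```shell
# Added example. Subject names, SAN, lifetimes and secret names are assumptions.
set -eu

gen_pki() {   # $1 = output directory
  d=$1; umask 077; mkdir -p "$d"
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:certservice
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # Self-signed root: the single CA layer that signs both leaf certificates.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$d/pki.cnf" \
    -extensions root_ca -subj "/CN=certservice-root-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for role in server client; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=certservice-$role" \
      -keyout "$d/$role.key" -out "$d/$role.csr" 2>/dev/null
    openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 90 -extfile "$d/pki.cnf" -extensions "$role" \
      -out "$d/$role.crt" 2>/dev/null
  done
}

# True only if $1/$3.crt chains to $1/ca.crt and is valid for purpose $2.
verify_role() {
  openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3.crt" 2>/dev/null | grep -q ': OK$'
}

# Publish as Kubernetes secrets so expired material can be swapped (needs a cluster).
store_secrets() {
  for role in server client; do
    kubectl create secret generic "certservice-$role-tls" \
      --from-file=tls.crt="$1/$role.crt" --from-file=tls.key="$1/$role.key" \
      --from-file=ca.crt="$1/ca.crt"
  done
}
```

`gen_pki ./pki` followed by `verify_role ./pki sslserver server` and `verify_role ./pki sslclient client` checks both leaves before `store_secrets ./pki` publishes them.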

       

            bogumil_zebek
            baniewsk