#19 Enable tracking multiple CA certs in anticipation of CA cert expiration
Opened 7 years ago by admiyo. Modified 3 years ago

CA Certs are not valid for eternity. While preparing for upgrading the Cert, there is a period where both the old and new certificates need to be present in the client certificate databases. Cert monger needs to be an active particiapnt in the roll over process.

A large part of solving this is on the CA side.

Certmonger is going to need to know how to Poll the CAs in order get a list of the active CA certs.

Certmonger will need to know the approach for updating NSS, OpenSSL Directory and, potentially, PEM File based certificates.

New milestone was created for milestone-less tickets.

Metadata Update from @mkosek:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

3 years ago

Login to comment on this ticket.