[SERVER-85] Consider synchronizing hostcrl with cacrl during startup - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: SERVER 2.0.0
Component/s: Puppet Server
Labels:
None

Epic Link:
Clojure CA Service
Team:
Systems Engineering
Sub-team:
- Emerald
Story Points:
1
Sprint:
SERVER 2014-12-03, SERVER 2014-12-17, SERVER 2014/12/31, Server 2015-01-21, Server 2015-02-04

Description

...the same way we synchronize the hostcacert with the cacert.

This came about because some things – like the installer – are (correctly) using the hostcrl, but the Server never updates it after it creates it the first time. While our story for CRL support is already a bit of a manual one, this automated step seems harmless and could be worthwhile for users considering the development effort it would take.

Some ways we could implement this synchronization are:

Another part of the existing CA/initialize-master-ssl! or CA/retrieve-ca-cert!
A new CA protocol method (e.g. retrieve-ca-crl! or something)
Another part of the master service initialization

Attachments

Issue Links

relates to

SERVER-346 More surgical update of hostcrl from cacrl setting

Closed

SERVER-904 Restore hostcrl / cacrl synchronization changes

Closed

SERVER-1181 check if it's valid to sync cacrl to hostcrl before doing so

Closed

links to

Original PR - for Future branch

Replacement PR - for master branch

Activity

People

Assignee:: Unassigned

Reporter:: Nate Wolfe

QA Contact:: Erik Dasher

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014/10/20 12:28 PM

Updated:: 2016/09/27 9:32 AM

Resolved:: 2015/02/04 2:08 PM