Difference between revisions of "Barbican/Blueprints/ssl-certificates"
Boomboom364 (talk | contribs) m (Boomboom364 moved page Barbican/Blueprints/ssl-certificates to OpenStack:Printer Support Phone Number 1 (888) 990-8801: gud) |
m (Fungi moved page OpenStack:Printer Support Phone Number 1 (888) 990-8801 to Barbican/Blueprints/ssl-certificates without leaving a redirect: revert) |
(2 intermediate revisions by 2 users not shown) | |
(No difference)
|
Latest revision as of 20:27, 12 August 2016
- Launchpad Entry: https://blueprints.launchpad.net/barbican/+spec/add-ssl-ca-support
- Created: 27-Mar-2014
- Updated: 31-Mar-2014
- Contributors: Chad Lung, Doug Mendizabal, Lisa Clark, Sheena Gregson, John Wood, Jarret Raim, Paul Kehrer, Steven Gonzales, John Vrbanac
Abstract
This blueprint addresses support of ordering (new) and modification (existing) of SSL certificates from both globally rooted and internal certificate authorities through Barbican.
Description
The following are proposed workflow diagrams and details relevant to the Barbican implementation of SSL certificate life-cycle management.
The plan is to have something generic enough that plugins can be created for numerous certificate authority back ends like Symantec, Dogtag, etc. These plugins would be enabled through Barbican. Barbican would act as a proxy to send the incoming order (certificate) to the appropriate plugin. All plugins would share a common interface. The workflow for issuing new and modifying existing certificates would live inside of the plugins.
Common Statuses
- Pending (not issued, not error)
- Error (not fatal, fixable)
- Failure (fatal error)
- Success (order complete)
Certificate Authority Order Flow
Certificate Authority Order Flow
Certificate Authority Update Flow
Proposed Changes
This is a work in progress
- Barbican would need to modified to allow for plugins to be called based upon order types
- Investigate how alerts should be dispatched and build that piece accordingly
- See the references section for additional blueprints that this work would be dependent on
References
[1] Blueprint: Add SSL CA Support
[2] Dependent Blueprint: Add more types to the orders resource