trafficcontrol icon indicating copy to clipboard operation
trafficcontrol copied to clipboard

Published 20 hours ago verified publisher icon apache

Self-Signed certificate management

Open smalenfant opened this issue 2 years ago • 1 comments

This Improvement request (usability, performance, tech debt, etc.) affects these Traffic Control components:

  • Traffic Portal

Current behavior:

Traffic Ops requires all the parameters configured for default_certificate_info. The API is correctly using all those to generate self-signed certificates within delivery service creation.

Once these self-signed certificates expire, one has to renew them. Here's what we are faced with:

  • The "Renew" option on the UI doesn't work: internal server error.
  • Using "Generate SSL Keys" on Portal, defaults are not used, which might be causing renew error.

I understand the defaults are created for Traffic Ops and Portal isn't aware of those.

New behavior:

  • be able to use "renew" on self-signed certificates
  • Should Traffic Portal have optional fields to use defaults?

smalenfant avatar Feb 03 '23 14:02 smalenfant

I wouldn't think TP should have to know about those defaults. TO should a) never reliably reproduce an internal server error for any given input under normal conditions and b) support refreshing certificates using the same method that created them in the first place

ocket8888 avatar Feb 03 '23 15:02 ocket8888