shubhmkr-amazon comments

Results 6 comments of


                                            shubhmkr-amazon

[BUG] Exception when hot-reloading Let's Encrypt certs issued by alternate intermediate CAs

Hi @shikharj05, Yes, I am still working on this.

[BUG] Exception when hot-reloading Let's Encrypt certs issued by alternate intermediate CAs

Hi @tan3-netapp, Earlier, I made the changes but got stuck in the unit tests due to self-signed certificates used in testing. I started working on this PR again and will...

[BUG] Exception when hot-reloading Let's Encrypt certs issued by alternate intermediate CAs

Hi @willyborankin, it looks like PR: https://github.com/opensearch-project/security/pull/4624 is solving a different problem. In the mentioned issue, the error is coming because of a change in the intermediate CA. [Here](https://github.com/Mehdi-Bendriss/security/blob/e188dfc3d70fd198cd693edb0bf2a386b27250e8/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java#L671), during...

[BUG] Exception when hot-reloading Let's Encrypt certs issued by alternate intermediate CAs

Hi @parislarkins, the approach you suggested of bypassing the issuerDN check is not ideal. In this case, a self-signed certificate can also be renewed, which is not trusted. I am...

[BUG]Opensearch won't start if there are expired certificates in the CA bundle

I believe we should not check certificate validity of the truststore bundle that is coming from either PEM file or JKS file for the following reasons: 1. The truststore can...

[BUG]Opensearch won't start if there are expired certificates in the CA bundle

> which PR are you referring here? https://github.com/opensearch-project/security/pull/4979