Support multiple trusted-ca objects in Tenant API
Tenant API should support multiple trusted-ca objects. This is needed for these use cases:
- Within a tenant, devices with certificates from different CAs should be supported
- Key Rotation: If a CA certificate expires and a new one gets deployed, during a certain amount of time, both certificates should be accepted
I would recommend changing the data schema to something like:
"trusted-ca": [
  {
    "subject-dn": "CN=devices,O=ACME Corporation",
    "public-key": "aGFsbG8gT21hCg==",
    "not-before": "2015-01-01T00:00:00+0000",
    "not-after": "2025-01-01T00:00:00+0000"
  },
  {
    "subject-dn": "CN=devices,O=ACME Corporation",
    "public-key": "aGFsbG8gT21hMgo=",
    "not-before": "2024-01-01T00:00:00+0000",
    "not-after": "2034-01-01T00:00:00+0000"
  }
]
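The key-rotation case above, as an added example (not code from the issue or from the project): a Python sketch of how a Tenant service could pick the trust anchors that are valid at a given instant from the proposed `trusted-ca` array, so that both CAs are accepted only during the overlap. The function names and the fail-closed handling of malformed entries are assumptions.

```python
import json
from datetime import datetime

# Constructed sample: the "trusted-ca" array from the proposal, wrapped in an
# object so it parses as JSON. The key values are the issue's own placeholders.
TENANT_JSON = """{"trusted-ca": [
  {"subject-dn": "CN=devices,O=ACME Corporation", "public-key": "aGFsbG8gT21hCg==",
   "not-before": "2015-01-01T00:00:00+0000", "not-after": "2025-01-01T00:00:00+0000"},
  {"subject-dn": "CN=devices,O=ACME Corporation", "public-key": "aGFsbG8gT21hMgo=",
   "not-before": "2024-01-01T00:00:00+0000", "not-after": "2034-01-01T00:00:00+0000"}
]}"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"  # matches the "+0000" offsets used in the issue


def valid_trust_anchors(tenant, now):
    """Return subject DN and public key of every anchor valid at `now`."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    result = []
    for ca in tenant.get("trusted-ca", []):
        try:
            not_before = datetime.strptime(ca["not-before"], TS_FORMAT)
            not_after = datetime.strptime(ca["not-after"], TS_FORMAT)
            anchor = {"subject-dn": ca["subject-dn"], "public-key": ca["public-key"]}
        except (KeyError, TypeError, ValueError):
            continue  # fail closed: an entry without a usable validity period is never trusted
        if not_before <= now <= not_after:
            result.append(anchor)  # validity dates are not passed on to the client
    return result


def keys_at(iso_ts):
    """Public keys accepted for the sample tenant at the given timestamp."""
    tenant = json.loads(TENANT_JSON)
    now = datetime.strptime(iso_ts, TS_FORMAT)
    return [a["public-key"] for a in valid_trust_anchors(tenant, now)]
```

Because both entries share the same subject DN, a client matching a device certificate's issuer has to try every returned key for that DN rather than assume one key per DN.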
Issue Analytics
- State:
- Created 5 years ago
- Comments:19 (16 by maintainers)
Top GitHub Comments
The client (i.e. the protocol adapters) should not bother with certs vs. public keys. We also already agreed that the client should not need to filter on the validity dates because that is already done by the Tenant service implementation. Thus, there is no need to transfer an encoded certificate to the adapter. A manager of the content of the device registry might still be able to upload a certificate for a tenant. The Tenant service implementation may store the certificate in its encoded form or it may extract the subject DN, public key and validity period and store those. In any case, it will always only transfer those public keys and subject DNs to the adapters that are currently valid in response to a request from an adapter …
Didn’t know that. But no problem, I haven’t done anything substantial yet. I’ll just move on to another topic 😃