  1. Dev - Nexus Repo
  2. NEXUS-25463

Spike add native PKI certificate management support

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.27.0, 3.28.0
    • Fix Version/s: None
    • Component/s: Security, SSL
    • Labels:
    • Notability:
      4

      Description

      PKI client-side certificate usage is becoming more widespread. Examples in use include:

      • NXRM to IQ Server PKI auth
      • NXRM yum proxy repos to Red Hat remotes
      • NXRM Docker proxy repos to Red Hat remotes

      Meanwhile, cloud deployments of NXRM are also increasing the complexity of automating updates to PKI certs that NXRM uses from the keystore currently specified by way of system properties: updates of PKI certs require an NXRM restart, and PKI entitlement certs for remote resources can change frequently, requiring some sort of homegrown automated process to deploy new certs NXRM can use and then restart NXRM, requiring downtime. Examples:

      Expected

      Add a REST API and UI for managing client-side certs used for outbound PKI auth (for repos and even IQ Server). Design it such that NXRM restarts will not be required for the changes to take effect and the certificates will be persisted inside NXRM, surviving upgrades. Imagining an interface similar to the existing SSL Certificates UI.


              People

              Assignee: Unassigned
              Reporter: Peter Lynch (plynch)
              Last Updated By: Maksym Kalachov
              Team: NXRM - Mad Max
              Votes: 3
              Watchers: 6

                Dates

                Created:
                Updated:
                Date of First Response:
