[jboss-jira] [JBoss JIRA] (WFCORE-3396) Provide certificate authority integration

Farah Juma (JIRA) issues at jboss.org
Wed Jul 11 11:45:00 EDT 2018


    [ https://issues.jboss.org/browse/WFCORE-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13603856#comment-13603856 ] 

Farah Juma commented on WFCORE-3396:
------------------------------------

bq. I think tests well cover the area. However it would be better if tests were located in WFCore/WF for testing Elytron subsystem part as well.

There are similar tests in WildFly Core as well for testing the Elytron subsystem part (see {{org.wildfly.extension.elytron.CertificateAuthoritiesTestCase}} and {{org.wildfly.extension.elytron.KeyStoresTestCase}}).

{quote}Several questions which pop up: 
* what is maintainability of mock messages. For new version clone of test will be created?{quote}

Let's Encrypt's ACME v2 API should be fairly stable now as their latest draft of the spec (draft-ietf-acme-acme-12) is in the process of becoming an RFC.

If new versions are introduced, we would need to update the mock messages in the relevant tests accordingly.

bq. How are we going to deal with new versions of Let's Encrypt API. Does LE keep backward compatibility?

Let's Encrypt hasn't explicitly mentioned their compatibility plans going forward. However, when introducing the new ACME v2 API, they used a separate endpoint so that clients relying on their v1 API would still work successfully and have lots of time to update to the newer version. There are many third-party clients that are now implementing their v2 API so they would probably do something similar if they introduce a non-backwards compatible version in the future. 

> Provide certificate authority integration
> -----------------------------------------
>
>                 Key: WFCORE-3396
>                 URL: https://issues.jboss.org/browse/WFCORE-3396
>             Project: WildFly Core
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 4.0.0.Alpha2
>            Reporter: Martin Choma
>            Assignee: Farah Juma
>
> Let's Encrypt provides an API to fully automate certificate retrieval (gain/renew) using the ACME protocol. Integrate this capability into WildFly.
> This can simplify administrator work. No need to perform routine certification renewal tasks.
> This is a follow-up to WFCORE-3305 and a piece of the bigger task "Simplify SSL configuration in wildfly". That said, it is just a "User experience" issue. An administrator can still work with Let's Encrypt through a third-party client and just point WildFly at this certificate.
> [1] Latest draft: https://tools.ietf.org/html/draft-ietf-acme-acme-10



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

