- Migrate to mysql
- Enable mysql SSL
- Enable second site
- use one DB for all multica signers
- Test secondary intermediate CA
- OCSP
- CRL
- rebuild pki servers to test puppet policy
- package golang-cfssl
- monitoring
- Enable test service
- create document describing secrets policy
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | jbond | T268882 PKI/CFSSL Next steps | |||
Resolved | jbond | T268775 CFSSL: certdb not populating AKI making revokes impossible |
Event Timeline
Change 643914 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: move cfssl::db to its own define
Change 643914 merged by Jbond:
[operations/puppet@production] cfssl: move cfssl::db to its own define
Change 643923 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: use only one db config for multirootca
Change 643923 merged by Jbond:
[operations/puppet@production] pki: use only one db config for multirootca
Change 643928 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: enable mysql TLS
Change 643930 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: allow ability to provide key material content for intermediates
Change 643930 merged by Jbond:
[operations/puppet@production] pki: allow ability to provide key material content for intermediates
Change 643932 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: provide content for intermediate certs
Change 643932 merged by Jbond:
[operations/puppet@production] pki: provide content for intermediate certs
Change 643935 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: fix certificate location and mysql tls options
Change 643935 merged by Jbond:
[operations/puppet@production] pki: fix certificate location and mysql tls options
Change 643937 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: correct path
Change 643938 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: force removal of unmanged resources
Change 643938 merged by Jbond:
[operations/puppet@production] cfssl: force removal of unmanged resources
Change 643940 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: allow more flexible profile config and add test intermediate
Change 643940 merged by Jbond:
[operations/puppet@production] pki: allow more flexible profile config and add test intermediate
Change 644254 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfss::ocsp: move ocsp servie to its own resource
Change 644254 merged by Jbond:
[operations/puppet@production] cfss::ocsp: move ocsp service to its own resource
Change 644291 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] profile::pki::server: enable ocsp service
Change 644291 merged by Jbond:
[operations/puppet@production] profile::pki::server: enable ocsp service
Change 644295 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] P:pki::server: use safe_title for the label
Change 644295 merged by Jbond:
[operations/puppet@production] P:pki::server: use safe_title for the label
Change 644298 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] P:pki::server: use the correct CA certificate and add ocsp_port
Change 644298 merged by Jbond:
[operations/puppet@production] P:pki::server: use the correct CA certificate and add ocsp_port
Change 645318 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki::server: add ocsp proxy
Change 645318 merged by Jbond:
[operations/puppet@production] ki::server: add ocsp proxy
Change 645367 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: add ocsp refresh script and timer
Change 645367 merged by Jbond:
[operations/puppet@production] cfssl: add ocsp refresh script and timer
Change 645373 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: move ocsprefesh to a timer
Change 645373 merged by Jbond:
[operations/puppet@production] cfssl: move ocsprefesh to a timer
Change 645377 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: add ocsp refresh timer
Change 645377 merged by Jbond:
[operations/puppet@production] cfssl: add ocsp refresh timer