At the moment only a single trust store is supported. This is sufficient for basic environments relying only on globally trusted certificate authorities. Though, once custom certificate authorities come into play (e.g. for company intranets) it may be required to differentiate between multiple trust stores.
This will also affect the current Certificate Overview view. In its current form it lacks utility in many ways. It lists any registered certificate no matter if it's an owner's certificate, an intermediate one or root certificate. This for example may cause that the most part of all certificates are non-owner ones. (e.g. > 80%)
Clicking on a certificate does only reveal it's properties and origin. There's neither a connection to which hosts are utilizing said certificate nor any information about which chain(s) it is part of. These associations may also be good candidates to be graphically visualized.
In order to overcome these disadvantages:
[ ] Drop the Certificate Overview view
[ ] Introduce a trust store management view with CRUD capabilities
[ ] Provide a detail view for trust stores with involved CAs and owner certificates
[ ] Provide a detail view for CA certificates showing details about associated owner certificates and possibly intermediate ones (involved chains) as well as the usual details
[ ] Provide a detail view for owner certificates showing involved hosts, its chain(s) and pretty graphs as well as the usual details
Gninieb
commented
5 years ago
At the moment only a single trust store is supported. This is sufficient for basic environments relying only on globally trusted certificate authorities. Though, once custom certificate authorities come into play (e.g. for company intranets) it may be required to differentiate between multiple trust stores.
This will also affect the current Certificate Overview view. In its current form it lacks utility in many ways. It lists any registered certificate no matter if it's an owner's certificate, an intermediate one or root certificate. This for example may cause that the most part of all certificates are non-owner ones. (e.g. > 80%)
Clicking on a certificate does only reveal it's properties and origin. There's neither a connection to which hosts are utilizing said certificate nor any information about which chain(s) it is part of. These associations may also be good candidates to be graphically visualized.
In order to overcome these disadvantages: