Open balhar-jakub opened 2 years ago
Hi Jakub, I would describe problem differently here: the primary question is how to manage certificates seamlessly without even letting your end-users do any explicit manual work to provision and manage these certificates. Can we have a system which can manage certificates for the users automatically?
With the certificates, CA comes into the picture. This CA can be a public or private CA and depends on product's deployment. So in the light of what I said above, the question is if we have a CA which can help us manage the certificates automatically. RFC 8555 is a good reference document here. Hence the right question to ask here would be: can we have an implementation of RFC 8555 adopted within APIML server so that different services can be authenticated seamlessly using it without even doing manual certificate work?
Could we clarify the intended user experience and scope for this story...
From what I understand about this issue, the main goal here is to have a fully valid installation with valid certificates when Zowe is installed without the external CA provided by the users.
Customer content
Is your feature request related to a problem? Please describe. The current installation certificates are self-signed and as such invalid for many use cases. It creates problems when installing Zowe for the first time.
Describe the solution you'd like Use the certificates that are actually valid and issued by one of the public authority. E.g. something like Let's Encrypt.