zowe / zowe-install-packaging

Packaging repository for the Zowe install scripts and files
Eclipse Public License 2.0
27 stars 51 forks source link

Explore provisioning of the valid certificate with public authority #3080

Open balhar-jakub opened 2 years ago

balhar-jakub commented 2 years ago

Customer content

Is your feature request related to a problem? Please describe. The current installation certificates are self-signed and as such invalid for many use cases. It creates problems when installing Zowe for the first time.

Describe the solution you'd like Use the certificates that are actually valid and issued by one of the public authority. E.g. something like Let's Encrypt.

apurvraj commented 2 years ago

Hi Jakub, I would describe problem differently here: the primary question is how to manage certificates seamlessly without even letting your end-users do any explicit manual work to provision and manage these certificates. Can we have a system which can manage certificates for the users automatically?

With the certificates, CA comes into the picture. This CA can be a public or private CA and depends on product's deployment. So in the light of what I said above, the question is if we have a CA which can help us manage the certificates automatically. RFC 8555 is a good reference document here. Hence the right question to ask here would be: can we have an implementation of RFC 8555 adopted within APIML server so that different services can be authenticated seamlessly using it without even doing manual certificate work?

MarkAckert commented 2 years ago

Could we clarify the intended user experience and scope for this story...

balhar-jakub commented 1 year ago

From what I understand about this issue, the main goal here is to have a fully valid installation with valid certificates when Zowe is installed without the external CA provided by the users.