Couchbase Server / MB-13088

Couchbase Server should use a CA keypair, with each node having its own keypair

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • feature-backlog
    • 3.0
    • ns_server
    • Security Level: Public
    • Untriaged
    • Unknown

    Description

      The SSL keypairs that are generated by Couchbase Server are self-signed and singular (single certificate shared across all nodes). This means that many TLS libraries will reject any attempts to use these certificates with the server (as they enforce a CommonName match for security). Couchbase Server should instead be generating a CA keypair, and then generate specific keypairs for each node which are signed by that CA. The CA certificate would be distributed to clients which would allow verification of each node's own certificate.

      Note that the server should also support importing of a CA keypair to allow customers who already have their own CA to generate a CA that falls within their own certificate chain rather than relying on only the Couchbase generated, self-signed CA.
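
The layout the description asks for, as an added example that is not part of the original issue or Couchbase's own code: a cluster CA signs one certificate per node, and a client that trusts only the CA certificate checks each node's hostname. Hostnames, file names and helper functions are constructed for illustration; it assumes the openssl CLI (1.1.0 or later) is installed.

```shell
#!/bin/sh
# Added example, not Couchbase code. Hostnames and file names are constructed.
WORK=$(mktemp -d)

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# self_signed NAME CN: writes NAME.key and a self-signed NAME.pem
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# node_cert HOST: per-node key and certificate for HOST, signed by the cluster CA
node_cert() {
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$1" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# client_accepts TRUST CERT HOST: would a client that trusts TRUST.pem accept
# CERT.pem when connecting to HOST? Prints yes or no.
client_accepts() {
  if openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$3" \
       "$WORK/$2.pem" >/dev/null 2>&1; then echo yes; else echo no; fi
}

self_signed shared shared.cb.example   # current behaviour: one cert on every node
self_signed ca "Example Cluster CA"    # proposed: a cluster CA keypair
node_cert node1.cb.example
node_cert node2.cb.example

echo "shared cert served by node1: $(client_accepts shared shared node1.cb.example)"
echo "node1 cert served by node1:  $(client_accepts ca node1.cb.example node1.cb.example)"
echo "node2 cert served by node2:  $(client_accepts ca node2.cb.example node2.cb.example)"
echo "node1 cert served by node2:  $(client_accepts ca node1.cb.example node2.cb.example)"
```

The client only ever needs `ca.pem`; each node's private key stays on that node, so a certificate issued for one node is rejected when presented under another node's hostname.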

          People

            Unassigned
            brett19 Brett Lawson
            Votes: 1
            Watchers: 5