SSL Certificate management proposal.

Jayanth Othayoth ojayanth at gmail.com
Wed Aug 1 00:49:38 AEST 2018


This proposal provides a mechanism to replace the self-signed certificate
with a CA-signed certificate based on a BMC-generated CSR.

What is a CSR: A Certificate Signing Request is a digital request sent to a
certificate authority (CA) to apply for a digital identity certificate.
It includes information about the organization and a unique
identifying key (public key).

OpenSSL tools can be used to generate a CSR and the corresponding private key.

How to update a signed certificate on the BMC?

The workflow for updating a signed certificate on the BMC consists of:
1. Generating a CSR on the BMC
2. Exporting the CSR from the BMC onto the user’s storage device
3. Obtaining a signed certificate corresponding to the CSR from a CA
4. Importing the signed certificate on the BMC

The user shall have the ability to export the generated CSR any number of
times until the signed certificate is imported.

In order to support the above workflow, the BMC shall provide the following
REST APIs:

   - Generate CSR
   - Renew CSR
   - Download CSR
   - Upload digitally signed certificate
   - Activate digitally signed certificates
   - Download digitally signed certificate

Additional Requirements:

   - BMC should store the signed certificate and private key in a
   persistent secured storage location.
   - Activate process shall validate the new certificate against the
   private key and information in the CSR.
   - Successful certificate activation shall replace the existing
   certificate and private key.
   - A new CSR generate request will overwrite the previous CSR. The user
   should take care not to repeat CSR requests, to prevent overwriting
   pending CSRs.
   - Certificate management operation should be restricted for certain
   privilege levels.
   - As part of the boot process, a new self-signed certificate is generated
   if:
      - No CA signed certificate is present or corrupted.
      - A self-signed certificate is not present or corrupted.
      - The certificate has expired.
   - Validity of the certificate must be ensured by the user or client
   application by periodically checking the expiry date. Certificate
   management feature may be enhanced in future to generate events when the
   certificate is about to expire.
   - Existing REST session will be tossed during certificate activate
   process.


Note: REST/D-bus details not included here.
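
The activation requirement above (validate the uploaded certificate against the private key and the CSR) can be sketched with the OpenSSL command-line tools. This is an added example, not part of the original post and not OpenBMC code. The file names, the demo CA and the subjects are constructed, and comparing the CSR subject is an assumption about which CSR information is checked.

```shell
#!/bin/sh
# Added example, not OpenBMC code. File names and subjects are constructed.

SUBJ="/O=Example/CN=bmc.example.test"   # constructed BMC identity

sign_csr() { # $1 = work dir holding the demo CA, $2 = CSR in, $3 = cert out
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

make_demo() { # $1 = empty work dir; creates a demo CA, BMC key/CSR, 3 certs
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # Workflow steps 1-3: key + CSR as the BMC would create them, CA signs.
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$1/bmc.key" -out "$1/bmc.csr" 2>/dev/null
    sign_csr "$1" "$1/bmc.csr" "$1/good.crt"
    # Same subject, but issued for a different key pair.
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$1/other.key" -out "$1/other.csr" 2>/dev/null
    sign_csr "$1" "$1/other.csr" "$1/wrongkey.crt"
    # Same key, but a subject that differs from the pending CSR.
    openssl req -new -key "$1/bmc.key" -subj "/O=Example/CN=other.example.test" \
        -out "$1/alt.csr" 2>/dev/null
    sign_csr "$1" "$1/alt.csr" "$1/wrongsubj.crt"
}

subject_of() { # $1 = req|x509, $2 = file; prints the subject in RFC 2253 form
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//'
}

# Step 4 gate. Returns 0 = accept, 1 = unreadable input,
# 2 = public key mismatch, 3 = subject differs from the CSR.
check_activation() { # $1 = private key, $2 = pending CSR, $3 = uploaded cert
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] || return 1
    [ "$key_pub" = "$csr_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 2
    [ "$(subject_of req "$2")" = "$(subject_of x509 "$3")" ] || return 3
}
```

Run `make_demo "$(mktemp -d)"` and pass the resulting files to `check_activation`; only `good.crt` is accepted, so a certificate issued for another key or another subject never replaces the working pair.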