Objective
Today SSL certificates are managed in several different places which makes updating existing certificates and issuing new certificates difficult and prone to errors. We currently have three separate certificate processes. Java based backend services use a password protected local key store to house certificates. The key store is maintained as part of the development code line and is distributed as part of the software’s package. Java services include:
Config Server
HIS
RMS
Core web based applications in AWS are fronted by a load balancer. We install the certificates into the Certificate Manager AWS service and apply those certificates to the load balancer using the AWS management console. The core web applications include:
App Manager
PopFlow
Data API
MediaBar
Connect API
Analytics
Queue Adapter is an outlier in that it follows the same process as the core web applications when deployed in AWS but has its own process when deployed on premise. When deployed on premise, Queue Adapter requires the installer to download an unsecured copy of the certificate and apply it to the Windows certificate manager. The installer must then assign the certificate to a specific port using Windows command line. Anyone with administrative access to the server can export the certificate and use it however they want.
Success metrics
Goal | Metric |
|---|---|
Assumptions
Requirements
Requirement | User Story | Importance | Jira Issue | Notes | |
|---|---|---|---|---|---|
| 1 | HIGH | ||||
| 2 |
|
|
|
|
|
User interaction and design
Open Questions
Question | Answer | Date Answered |
|---|---|---|
Add Comment