certificate_request.proto

Package : certificates.smh.solo.io

Top

certificate_request.proto

Table of Contents

CertificateRequestSpec

CertificateRequests are generated by the CertificateRequesting Agent installed on managed clusters. They are used to request a signed certificate from Service Mesh Hub based on a private key generated by the Agent (which never leaves the managed cluster).
When Service Mesh Hub creates an IssuedCertificate on a managed cluster, the local CertificateRequesting Agent will generate a CertificateRequest corresponding to it.
Service Mesh Hub will then process the Certificate Signing Request contained in the CertificateRequestSpec and write the signed SSL certificate back as a secret in the managed cluster, and update the CertificateRequest Status to point to that secret.

Field Type Label Description
certificateSigningRequest bytes Base64-encoded data for the PKCS#10 Certificate Signing Request issued by the CertificateRequesting Agent deployed in the managed cluster, corresponding to the IssuedRequest received by the CertificateRequesting Agent.

CertificateRequestStatus

Field Type Label Description
observedGeneration int64 The most recent generation observed in the the CertificateRequest metadata. If the observedGeneration does not match generation, the CA has not processed the most recent version of this request.
error string Any error observed which prevented the CertificateRequest from being processed. If the error is empty, the request has been processed successfully
state CertificateRequestStatus.State The current state of the CertificateRequest workflow reported by the Issuer.
signedCertificate bytes The signed intermediate certificate issued by the CA.
signingRootCa bytes The root CA used by the CA to sign the certificate.

CertificateRequestStatus.State

Possible states in which a CertificateRequest can exist.

Name Number Description
PENDING 0 The CertificateRequest has yet to be picked up by the issuer.
FINISHED 1 The Issuer has replied to the request and the signedCertificate and SigningRootCa status fields will be populated.
FAILED 2 Processing the certificate workflow failed.