[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cluster-Birthday: 1 year old, many certificates expiring - how to update?



Hello,

thank you, the playbook seems to work well.

However, I don't want to keep track of cert expiry dates and since those certs are self-signed I'm going to modify the playbook to issue the certs for 30 years (which should exceed the life of the cluster).

To me it seems like there is no reason whatsoever to replace those certs every 2 years. Or am I missing something?

Regards
v


Am 2016-10-11 um 15:46 schrieb Pep Turro Mauri:


On 11 October 2016 at 11:40, v <vekt0r7 gmx net> wrote:
Hello,

our first cluster is nearly 1 year old

Happy birthday! :)
 
and many certificates on the master are going to expire soon. Is there a guide on how to update them? What do we need to do to make sure our cluster doesn't just cease working on the 22nd of October?


pep
 

Regards
v

$ openssl x509 -enddate -noout -in XYZ

/etc/origin/master/admin.crt
notAfter=Oct 22 07:03:34 2016 GMT

/etc/origin/master/ca-bundle.crt
notAfter=Oct 22 07:03:31 2016 GMT

/etc/origin/master/ca.crt
notAfter=Oct 22 07:03:31 2016 GMT

/etc/origin/master/master.etcd-client.crt
notAfter=Oct 22 07:03:33 2016 GMT

/etc/origin/master/master.kubelet-client.crt
notAfter=Oct 22 07:03:33 2016 GMT

/etc/origin/master/openshift-master.crt
notAfter=Oct 22 07:03:32 2016 GMT

/etc/origin/master/openshift-registry.crt
notAfter=Oct 22 07:03:35 2016 GMT

/etc/origin/master/openshift-router.crt
notAfter=Oct 22 07:03:35 2016 GMT

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]