Bug 1367599

Summary: RFE: shorter certificate expiry time and auto-rotation tools
Product: OpenShift Container Platform
Reporter: Drew Anderson <dranders>
Component: RFE
Assignee: Dan McPherson <dmcphers>
Status: CLOSED DUPLICATE
QA Contact: Johnny Liu <jialiu>
Severity: unspecified
Priority: unspecified
Version: 3.2.1
CC: aos-bugs, jokerman, mmccomas, sten
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2016-08-16 22:38:39 UTC
Type: Bug
Bug Blocks: 1303130    

Description Drew Anderson 2016-08-16 22:08:31 UTC
Certificate expiry can cause outages within OpenShift.

Following advice from Let's Encrypt (https://letsencrypt.org/2015/11/09/why-90-days.html), having a shorter expiry time helps limit damage from key exposure and helps enforce automation tools for certificate rotation.

So, RFE is:
* shorter certificate expiry times with automated rotation ability (90d expiry with 30d rotation? or 28d expiry with 7d rotation?)
* monitoring tools to check for imminent expiry date in case auto-rotation fails

Comment 1 Dan McPherson 2016-08-16 22:38:39 UTC

*** This bug has been marked as a duplicate of bug 1293395 ***