Bug 1367599 - RFE: shorter certificate expiry time and auto-rotation tools
Keywords:
Status: CLOSED DUPLICATE of bug 1293395
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.2.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Dan McPherson
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks: OSOPS_V3
Reported: 2016-08-16 22:08 UTC by Drew Anderson
Modified: 2016-08-17 12:21 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-16 22:38:39 UTC
Target Upstream Version:
Embargoed:



Description Drew Anderson 2016-08-16 22:08:31 UTC
Certificate expiry can cause outages within OpenShift.

Following advice from Let's Encrypt (https://letsencrypt.org/2015/11/09/why-90-days.html), having a shorter expiry time helps limit damage from key exposure and helps enforce automation tools for certificate rotation.

So, RFE is:
* shorter certificate expiry times with automated rotation ability (90d expiry with 30d rotation? or 28d expiry with 7d rotation?)
* monitoring tools to check for imminent expiry date in case auto-rotation fails

Comment 1 Dan McPherson 2016-08-16 22:38:39 UTC

*** This bug has been marked as a duplicate of bug 1293395 ***

