Update patch set 6

Browse Source

Patch Set 6:

> - What to do when certs expire (including the root cert) and how that should be managed, including their default lifetimes

You should run playbooks with specific flag to get them rotated. And it's up to deployer to keep track on expirtation dates. We can probably suggest some approach in docs.

> - Which flags might be included in the PKI setup (such as CRL/OCSP locations if they're used at all)

I'd say it's overkill for self-signed certificates. At least from the point where we are at the moment.

> - Whether it's worth including IP addresses and/or several SANs in the certs. IPs aren't best practice, but unless hostnames are used everywhere they're likely to be necessary
Yeah, I think we should ensure having san support and be able to issue certificates for IPs

Patch-set: 6

...

This commit is contained in:

Gerrit User 28619 2021-02-01 16:48:52 +00:00 committed by Gerrit Code Review

parent 35ac165301

commit 005603ef9e

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

Diff Content Not Available