[pve-devel] applied: [PATCH manager v2 1/1] renew pve-ssl.pem when it nearly expires

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Nov 26 13:28:09 CET 2019


On 11/26/19 11:01 AM, Dominik Csapak wrote:
> but only if the cert is issued by the ca in /etc/pve/pve-root-ca.pem
> (by checking the issuer and openssl verify)
> 
> this way we can reduce the lifetime of the certs without having
> to worry that they ran out
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes from v1:
> * only make checks if the cert expires soon (to avoid noise)
> * do not check if ca is issued by pve (just try it and log if it fails)
> * better comments
> 

applied, thanks!
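
The decision described in the quoted commit message, as an added example that is not part of this thread and not the Proxmox code: checks run only when the certificate is close to expiry, and renewal is allowed only if the issuer matches the CA and `openssl verify` succeeds. The 14-day window and the function names are assumptions; the page gives neither.

```shell
#!/bin/sh
# Added example (not the applied patch). Certificate and CA paths are passed
# in as arguments, e.g. the node's pve-ssl.pem and /etc/pve/pve-root-ca.pem.

# Assumption: renew when fewer than 14 days of validity remain.
RENEW_WINDOW_SECS=$((14 * 24 * 3600))

# expires_soon CERT: succeeds if CERT expires within the window.
# "openssl x509 -checkend N" exits 0 while the cert is still valid in N seconds.
expires_soon() {
    ! openssl x509 -in "$1" -noout -checkend "$RENEW_WINDOW_SECS" >/dev/null 2>&1
}

# issued_by_ca CERT CA: succeeds if CERT's issuer DN equals CA's subject DN
# and the signature chain verifies against CA.
# An already expired certificate fails "openssl verify" and is not renewed here.
issued_by_ca() {
    cert=$1
    ca=$2
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 2>/dev/null |
        sed 's/^issuer=//')
    subject=$(openssl x509 -in "$ca" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject=//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ] || return 1
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
}

# should_renew CERT CA: succeeds only for a soon-expiring cert issued by CA.
# A cert from another issuer (for example a custom one) is left alone and logged.
should_renew() {
    cert=$1
    ca=$2
    expires_soon "$cert" || return 1   # far from expiry: no checks, no noise
    if ! issued_by_ca "$cert" "$ca"; then
        echo "not renewing $cert: not issued by $ca" >&2
        return 1
    fi
    return 0
}
```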



