[pve-devel] [PATCH manager/cluster] improve handling of issued certificates
Dominik Csapak
d.csapak at proxmox.com
Mon Oct 28 11:39:56 CET 2019
this series enabled auto-renewing of our self issued certificates
by checking the expiry time daily with 'pveupdate' and
renewing it if it expires in less than 2 weeks
also reduce the initial lifetime of the certificates to two years
this fixes an issue where some os/browsers (macOs Catalina) would
reject the certificate with the error: 'REVOKED' since
they have now stricter rules for certificates
since other os/browsers will probably also make the rules stricter,
it makes sense to shorten the time
pve-manager:
Dominik Csapak (1):
renew pve-ssl.pem when it nearly expires
PVE/CertHelpers.pm | 6 ++++++
bin/pveupdate | 33 +++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
pve-cluster:
Dominik Csapak (1):
change certificate lifetime to two years
data/PVE/Cluster.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.20.1
More information about the pve-devel
mailing list