mirror of
https://github.com/status-im/consul.git
synced 2025-02-23 02:48:19 +00:00
804eb17094
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates. This PR adds a check that renews the cert if it is half way through its validity period. In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
10 lines
139 B
JSON
10 lines
139 B
JSON
{
|
|
"Provider": "consul",
|
|
"Config": {
|
|
"PrivateKey": "",
|
|
"RootCert": "",
|
|
"RotationPeriod": "24h",
|
|
"IntermediateCertTTL": "36h"
|
|
}
|
|
}
|