#93 implemented implicit CA rotation when the CA certificate is about to expire, but it would be useful to have a way to initiate it manually (such as for #465).
One way to do this would be to add an annotation to the CA Secret that overrides the certificates' notBefore (expiration) time for renewal purposes. This way, you could request "replace this CA in a week", causing a new CA to be provisioned immediately, and provisioning using the old one to stop after about a week (still leaving a clean migration window, though shortened compared to the regular one).
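The override proposed above, as an added example that is not part of the issue or the project's code. The annotation key `example.invalid/ca-expiry-override` and the 30-day renewal window are assumptions, expiry is taken as the certificate's X.509 notAfter time, and the override is clamped so it can shorten a CA's life but never extend it.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical annotation key and renewal window; neither is defined on the page.
OVERRIDE_ANNOTATION = "example.invalid/ca-expiry-override"
RENEWAL_WINDOW = timedelta(days=30)


def effective_expiry(cert_not_after, annotations):
    """Expiry used for rotation decisions: a valid override, else the cert's own."""
    raw = annotations.get(OVERRIDE_ANNOTATION)
    if raw is None:
        return cert_not_after
    try:
        override = datetime.fromisoformat(raw)
    except ValueError:
        return cert_not_after  # malformed override: fall back to the real expiry
    if override.tzinfo is None:
        return cert_not_after  # no UTC offset given: ambiguous, so ignored
    # An override may only bring the expiry forward, never push it back.
    return min(override, cert_not_after)


def rotation_state(now, cert_not_after, annotations):
    """Return (provision_new_ca, old_ca_may_issue) for the current CA."""
    expiry = effective_expiry(cert_not_after, annotations)
    provision_new = now >= expiry - RENEWAL_WINDOW  # inside the renewal window
    old_may_issue = now < expiry                    # old CA stops at (overridden) expiry
    return provision_new, old_may_issue


if __name__ == "__main__":
    # Constructed sample: a CA valid for another year, overridden to "a week from now".
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    not_after = datetime(2025, 1, 1, tzinfo=timezone.utc)
    week = {OVERRIDE_ANNOTATION: "2024-01-08T00:00:00+00:00"}
    print("no override:   ", rotation_state(now, not_after, {}))
    print("override today:", rotation_state(now, not_after, week))
    print("nine days on:  ", rotation_state(now + timedelta(days=9), not_after, week))
```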