Skupper CA certificate renewal
55 views
Skip to first unread message
Mangesh Shirke
Nov 14, 2023, 2:57:03 AM11/14/23
to Skupper
Hi Team,
By default skupper uses multiple CA certificates generated by its own private CA. Theses certificates has expiry date mentions. My question is how can I renew these certificates before it expires? Or does Skupper renews them automatically and no manual intervention is required.
Thanks.
Gordon Sim
Nov 14, 2023, 4:19:18 AM11/14/23
to Skupper
At present the expiration is 5 years from creation. There is no automatic renewal in place yet, however that will come in a future release.
Mangesh Shirke
Nov 26, 2023, 3:08:59 PM11/26/23
to Gordon Sim, Skupper
Thank you for your response. Do we have a procedure to manually update or change a CA certificate?
--
You received this message because you are subscribed to a topic in the Google Groups "Skupper" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/skupper/4yGjYdQpxO4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to skupper+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/1b6b780d-d5ed-47dc-8e73-a2787dbe74dan%40googlegroups.com.
Paul Wright
Nov 27, 2023, 5:33:56 AM11/27/23
to Mangesh Shirke, Gordon Sim, Skupper
Hi Mangesh,
You could recreate the site,
Paul
You received this message because you are subscribed to the Google Groups "Skupper" group.
To unsubscribe from this group and stop receiving emails from it, send an email to skupper+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/CAH1RFppOMqN%3D0gFafbzy8bbjQoZdk_W_RzY%2BmmBRN-4Mdrmkng%40mail.gmail.com.
Paul Wright
Technical Writer
Red Hat, Waterford, Ireland
GitHub: pwright
Gordon Sim
Nov 27, 2023, 6:06:21 AM11/27/23
to Skupper
You can also use the cli to do `skupper revoke-access` . That will create a new CA. All previously generate certificates will be invalid thereafter, so you will need to relink all the sites that link to that one.
Mangesh Shirke
Nov 28, 2023, 6:31:31 AM11/28/23
to Gordon Sim, Skupper
Hi,
Recreating site and revoking access, both need system outage. Which I can not afford in production environment. Also I will have multiple services exposed, I have to expose all those services again.
Do we have any procedure which can avoid disruptions?
On Mon, Nov 27, 2023 at 4:36 PM Gordon Sim <gs...@redhat.com> wrote:
You can also use the cli to do `skupper revoke-access` . That will create a new CA. All previously generate certificates will be invalid thereafter, so you will need to relink all the sites that link to that one.
--
You received this message because you are subscribed to a topic in the Google Groups "Skupper" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/skupper/4yGjYdQpxO4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to skupper+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/8722414b-7ac9-451d-a4a4-73786c998536n%40googlegroups.com.
Gordon Sim
Nov 28, 2023, 8:34:31 AM11/28/23
to Skupper
Skupper does not itself yet offer anything further to help. You can of course use openssl or some other tool to recreate the certificate using the existing private key, and then update the secret accordingly.
Mangesh Shirke
Nov 29, 2023, 12:20:37 AM11/29/23
to Gordon Sim, Skupper
Hi Gordon,
Thank you for your response and help. Appreciate it.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/c7cde961-4c54-47fa-a428-f411c6accda3n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages