Allow injecting root certificate validity via env and also validity for new certs, when using USE_LOCAL_CA=1 #229
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…or new certs, when using USE_LOCAL_CA=1
|
Sorry for slow response, but I have finally have time to look at this. I am not entirely sure I want to make it so easy and obvious to change this variable. Instead of forcing my ideas into this pull request I have created another one which I would love your feedback on: #230 |
|
Replaced by #230 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I added support for controlling the validity of the root certificate and the new certificates, when using local CA(discussion started here: #225).
I tried as you proposed, to generate a root certificate with a longer validity by changing the script and running it outside of the container. It worked to generate a root certificate with a validity bigger than 30 days. But when the container is running, it defaults to 30 days for new certificates, because it uses the script from the container, which has hardcoded 30 days in the openssl_cnf that is also used when generating a new certificate.
I also documented the newly added envs,
ROOT_CERT_LOCAL_CA_VALIDITYandNEW_CERT_LOCAL_CA_VALIDITY.