mirror of https://github.com/hashicorp/consul
804eb17094
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates. This PR adds a check that renews the cert if it is half way through its validity period. In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests. |
||
|---|---|---|
| .. | ||
| builder.go | ||
| builder_oss.go | ||
| config.go | ||
| config_oss.go | ||
| default.go | ||
| default_oss.go | ||
| doc.go | ||
| flags.go | ||
| flags_test.go | ||
| flagset.go | ||
| merge.go | ||
| merge_test.go | ||
| runtime.go | ||
| runtime_oss.go | ||
| runtime_oss_test.go | ||
| runtime_test.go | ||
| segment_oss.go | ||
| segment_oss_test.go | ||