Disable rotation for private cert + extend ttl
Closed this issue · 1 comments
Description
Client to site gateway is not currently able to pick up rotated certs from SM. Current config rotates every 4 weeks, which means that connectivity breaks 4 weeks after running the examples in the module.
Suggest to bump the default - feedback from some consumers to take into consideration:
- Root CA: 10 years
- Intermediate CA: 3 years
- TLS Private Cert: 12 months
New or affected modules
https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert, https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert-engine, client-to-site module
@vburckhardt Not sure I understand the TTL issue here. The TTL fields for root CA and intermediate certs in private_cert only apply to the max TTL allowed for created certs.
Current values:
Root CA: 1 year
Intermediate CA: 3 years
TLS Private Cert: 12 months
Is there something else here beyond extending root CA to 10 years?
Default auto_rotate value is 1 month, I'll extend that to 1 year.