self-signed cert is valid for just a month
Bug #1483391 reported by
Andreas Hasenack
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| haproxy (Juju Charms Collection) |
In Progress
|
High
|
Chris Glass | ||
Bug Description
The self-signed certificate generated by the haproxy charm, revision 11 from the charm store (latest as of now), is valid for only 30 days:
# openssl x509 -in /var/lib/
notBefore=Aug 10 19:34:23 2015 GMT
notAfter=Sep 9 19:34:23 2015 GMT
$ juju status --format=tabular
[Services]
NAME STATUS EXPOSED CHARM
haproxy unknown false cs:trusty/
(...)
Related branches
lp://staging/~tribaal/charms/trusty/haproxy/longer-openssl-selfsigned
- David Britton (community): Approve
-
Diff: 24 lines (+1/-2)2 files modifieddata/openssl.cnf (+0/-1)
hooks/hooks.py (+1/-1)
| description: | updated |
Revision history for this message
| Andreas Hasenack (ahasenack) wrote | #1 |
Revision history for this message
| Andreas Hasenack (ahasenack) wrote | #2 |
Revision history for this message
| Andreas Hasenack (ahasenack) wrote | #3 |
| Changed in haproxy (Juju Charms Collection): | |
| status: | New → In Progress |
| importance: | Undecided → High |
| assignee: | nobody → Chris Glass (tribaal) |
| tags: | added: kanban-cross-team |
To post a comment you must log in.
For some reason the openssl.cnf file shipped in data/openssl.cnf is not being honored:
def gen_selfsigned_
...
subprocess.
['openssl', 'req', '-new', '-x509', '-nodes', '-config',
'-keyout', key_file, '-out', cert_file],)
A quick dirty fix is to add '-days', '3650' to the command line.