alertmanager icon indicating copy to clipboard operation
alertmanager copied to clipboard
Published 4 weeks ago verified publisher icon prometheus

Set testdata / example CA expiry to 20 years from issue date

Open dswarbrick opened this issue 1 year ago • 1 comments

Also add human-readable x509 text format (as requested by @SuperQ in related PR https://github.com/prometheus/prometheus/pull/14696)

Fixes: #3962

dswarbrick avatar Nov 06 '24 22:11 dswarbrick

Incidentally, the expiry dates of the certs (both CA and server/client) seem to be a bit wild and inconsistent. The original CA had a lifetime of only 5 years, whilst the node{1,2}.pem certs had a 100 year lifetime (!). Usually the CA lifetime would be longer than host/node certs (although 100 years is a bit excessive).

It might be worth regenerating all the test / example certs with more sane lifetimes - and possibly consider bumping the key length to 4096 bits.

dswarbrick avatar Nov 06 '24 22:11 dswarbrick