|
|
|
|
@ -41,16 +41,16 @@ self-signed CA.
|
|
|
|
|
> https://golang.org/src/crypto/x509/root_linux.go
|
|
|
|
|
|
|
|
|
|
## Script logic
|
|
|
|
|
- generate CA cert if does not find any.
|
|
|
|
|
- always generate server cert on startup to ensure all IP addresses are in
|
|
|
|
|
x509 SAN.
|
|
|
|
|
- warn if the CA cert about to expire (<30 days till expiration).
|
|
|
|
|
- regenerate the CA cert if it finds it has expired.
|
|
|
|
|
- generate CA certificate if does not find any
|
|
|
|
|
- always generate server certificate on startup to ensure all IP addresses
|
|
|
|
|
are in x509 SAN
|
|
|
|
|
- warn if the CA certificate is about to expire (<30 days till expiration)
|
|
|
|
|
- regenerate the CA certificate if it finds it has expired
|
|
|
|
|
|
|
|
|
|
## Notes
|
|
|
|
|
- The CA cert will be valid for 3650 days (10 years).
|
|
|
|
|
- The server cert will be valid for 365 days (1 year).
|
|
|
|
|
- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures.
|
|
|
|
|
- The CA certificate will be valid for 3650 days (10 years)
|
|
|
|
|
- The server certifcate will be valid for 365 days (1 year)
|
|
|
|
|
- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures
|
|
|
|
|
|
|
|
|
|
## Testing
|
|
|
|
|
|
|
|
|
|
|
