This commit is contained in:
Andy 2018-06-30 21:29:03 +02:00
parent 1b62158977
commit ebac88e6b2
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C

View File

@ -41,16 +41,16 @@ self-signed CA.
> https://golang.org/src/crypto/x509/root_linux.go
## Script logic
- generate CA cert if does not find any.
- always generate server cert on startup to ensure all IP addresses are in
x509 SAN.
- warn if the CA cert about to expire (<30 days till expiration).
- regenerate the CA cert if it finds it has expired.
- generate CA certificate if does not find any
- always generate server certificate on startup to ensure all IP addresses
are in x509 SAN
- warn if the CA certificate is about to expire (<30 days till expiration)
- regenerate the CA certificate if it finds it has expired
## Notes
- The CA cert will be valid for 3650 days (10 years).
- The server cert will be valid for 365 days (1 year).
- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures.
- The CA certificate will be valid for 3650 days (10 years)
- The server certifcate will be valid for 365 days (1 year)
- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures
## Testing