Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation on rotating the root certificate #137

Open
srinisudharsan opened this issue Feb 28, 2022 · 2 comments
Open

Documentation on rotating the root certificate #137

srinisudharsan opened this issue Feb 28, 2022 · 2 comments

Comments

@srinisudharsan
Copy link

While it is not common, there is always the possibility that one would have to rotate the root CA. Could you add documentation on how to do it without downtime?
@braunsonm
Copy link

Also would like to know this. Is it possible since you'd need to trust the old and new at the same time?
We were actually looking to use an intermediate CA so would it be possible to trust the root, renew the intermediate, then change back to only trusting the intermediate?

@SpectralHiss
Copy link

Your trust store PEM could be two different roots at the same time, so even if there is no intermediate you can just append root1 and root2 in a transition phase, rotate all pods and then remove root1 from the trust store.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@braunsonm @SpectralHiss @srinisudharsan