-
|
HI This is the default behaviour of RKE2 certificates where RKE2 client and server certificates are valid for 365 days from their date of issuance. Any certificates that are expired, or within 90 days of expiring, are automatically renewed every time RKE2 starts. But what we are looking for is an option through which we can configure the lifetime of RKE2 certificates because many of customers rarely upgrade and majority of the tickets we receive from customers are certificates related. So it would be great if there is an option exposed through which we can override the default lifetime of certificates Now you guys may suggest us to generate our own certificates but managing these certificates is quite a lot of pain and we don't want to re-invent the wheel. All we are looking for is an option through which we can extend the default lifetime of the certificates |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
|
@brandond is it something in works or on your team's radar ? |
Beta Was this translation helpful? Give feedback.
-
|
We realised that there is a hacky way to achieve the same, but is it officially supported ? can the same be exposed via a flag keeping one year as default ? 
|
Beta Was this translation helpful? Give feedback.
-
|
Use of |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Brandon for confirmation that the support for this flag will not be removed in later releases |
Beta Was this translation helpful? Give feedback.
Use of
CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYSis NOT officially supported, and we DO NOT document it or recommend it. However, we have no plans to remove support for this env var from the library that RKE2 uses to generate certificates.