Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-2173

Expose the field "selfsigned_not_after" when generating self-signed certs to allow for shorter lifespan certs

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      1. What is the nature and description of the request?
        Add a variable to the installer that allows specifying the lifespan of a self-signed certificate
      2. Why does the customer need this? (List the business requirements here)
        Customers have requirements for shorter lifespan certificates, and some browsers even reject certificates over 398 days old regardless of the lifespan of the certificate.
        Additionally, some network scanners will report certificates found with a long lifespan as a security issue
      3. How would you like to achieve this? (List the functional requirements here)
        Expose a variable, self_signed_cert_lifespan (or similar, following the internal variable naming conventions)
        The default can stay at 3650d, as it is today.
        This variable is then injected into all of the different TLS cert generations in the AAP installer to generate shorter lifespan certificates
      4. List any affected known dependencies: Doc, UI etc..
        This is specific to the installer, and will also require documentation of the variable exposed.
      5. Github Link if any
        I would create this content but since there is no upstream to the installer codebase, I am unable to do so.

              dysilva Dylan Silva
              rhn-gps-rbontreg Ryan Bontreger
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: