
Comprehensive overhaul of handling OCP internal cert & keys


      Outcome Overview
       
      This outcome aims to identify and close the gaps in how the OCP internal platform components manage their keys and certificates, so that every component meets the same baseline.
       
      All cluster-level operators must provide the following capabilities:

      1. Automatic recovery from expired certificates (on boot and during disaster recovery) for the control plane and cluster operators
      2. A CI test for the manual certificate rotation process
      3. Default to 2048-bit keys
      4. Deprecate weak cipher suites; default to strong ones
      5. Clean up and revoke old signers
      6. Automated rotation of keys and certificates
      7. Certificates should NOT be valid for more than 24 months (no 10-year certificates). This item is replaced by the ability of OCP core components to recover from expired certificates (e.g., after the cluster has been shut down or hibernated for 90 days).
      8. Ability to regenerate the top-level CA
      9. Certificate ownership (OCPSTRAT-709): remove certificate-generation code from the installer
      10. [Dependent on an Enhancement Proposal] Provide hooks in the cluster-level API to trigger certificate rotation as a day-2 operation (OCPSTRAT-817)
      11. CI tests validating all of the previous points
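      As an added example (not code from this card or from any OpenShift operator), the following Go program audits a PEM certificate bundle against the measurable items in the list above: RSA keys below 2048 bits (item 3), weak signature algorithms (item 4), a validity window longer than 24 months (item 7), and certificates that have already expired, which is the condition the recovery work in item 1 must survive. The two certificates it inspects are constructed in memory for the demo: a 1024-bit RSA signer issued for 10 years that expired a year ago, and a P-256 serving certificate rotated a month ago for 12 months. The subject names and the 24-month window are assumptions taken from this card, not from any OCP component.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// AuditCert returns the checklist violations for one certificate: key size (item 3),
// weak signature algorithm (item 4), validity over 24 months (item 7), and already expired.
func AuditCert(cert *x509.Certificate, now time.Time) []string {
	var problems []string
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		if bits := pub.N.BitLen(); bits < 2048 {
			problems = append(problems, fmt.Sprintf("RSA key is %d bits (< 2048)", bits))
		}
	case *ecdsa.PublicKey: // P-256 and larger NIST curves are acceptable; nothing to flag
	default:
		problems = append(problems, fmt.Sprintf("unsupported key type %T", pub))
	}
	switch cert.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		problems = append(problems, "weak signature algorithm "+cert.SignatureAlgorithm.String())
	}
	if cert.NotAfter.After(cert.NotBefore.AddDate(0, 24, 0)) {
		days := int(cert.NotAfter.Sub(cert.NotBefore).Hours() / 24)
		problems = append(problems, fmt.Sprintf("validity of %d days exceeds 24 months", days))
	}
	if now.After(cert.NotAfter) {
		problems = append(problems, "expired on "+cert.NotAfter.UTC().Format(time.RFC3339))
	}
	return problems
}

// AuditPEM audits every CERTIFICATE block in a PEM bundle, keyed by subject CN.
func AuditPEM(bundle []byte, now time.Time) (map[string][]string, error) {
	out := map[string][]string{}
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		out[cert.Subject.CommonName] = AuditCert(cert, now)
	}
	return out, nil
}

// selfSigned issues a self-signed certificate with a constructed subject (sample data only).
func selfSigned(cn string, key crypto.Signer, notBefore time.Time, months int) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.AddDate(0, months, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// SampleBundle builds the constructed two-certificate PEM bundle used as demo input.
func SampleBundle(now time.Time) []byte {
	now = now.UTC().Truncate(time.Second) // X.509 times carry second precision
	rsaKey := must(rsa.GenerateKey(rand.Reader, 1024)) // deliberately under the 2048 floor
	ecKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	// A 10-year signer issued 11 years ago: too small, too long-lived, and expired.
	legacy := must(selfSigned("legacy-signer", rsaKey, now.AddDate(-11, 0, 0), 120))
	// A serving cert rotated one month ago for 12 months: should audit clean.
	serving := must(selfSigned("rotated-serving", ecKey, now.AddDate(0, -1, 0), 12))
	return append(legacy, serving...)
}

func main() {
	now := time.Now()
	for cn, problems := range must(AuditPEM(SampleBundle(now), now)) {
		fmt.Printf("%s: %v\n", cn, problems)
	}
}
```

      Against a real cluster the bundle would come from a TLS secret (for example the base64-decoded `tls.crt` entry of a Kubernetes `kubernetes.io/tls` secret, or a CA bundle ConfigMap) fed to AuditPEM in place of SampleBundle; the audit deliberately reports the 24-month item separately from expiry so that an operator which already recovers from expired certificates (item 1) can be told apart from one that merely issues short-lived ones.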

       

      [Red Hat Internal document] List of operators that should have these capabilities.

       

      Success Criteria

      This outcome will be considered completed once the core cluster operators have achieved the same capabilities and level of testing.

       

      Expected Results (what, how, when)

      This outcome will be delivered incrementally. Part of this work started with the FIPS CVE [1] and will continue over the next few releases.

      [1] https://access.redhat.com/articles/regenerating_cluster_certificates

       

      Post Completion Review – Actual Results

      The list at the beginning of this card should serve as the checklist.

       

            People: William Caban (wcabanba@redhat.com), David Eads, Adel Zaalouk, Anjali Telang, Daniel Fröhlich, Daniel Messer, Marc Curry, Maria Simon Marcos, Mark Russell, Ramon Acedo, Tushar Katarki