1. Proposed title of this feature request
Increase TLS certificates validity in ignition files beyond 24 hours

2. What is the nature and description of the request?
When using the openshift-installer to generate the ignition files for the bootstrap node, it generates TLS certificates that expire after 24 hours.
Due to limitation with the local private cloud provider, the installation cannot be completed within one day, thus it goes past the 24-hour limit, and then customers have to start over.

Hence customers are looking for an option to increase the default expiry time (24hr) of the TLS certificates and change the validity.

3. Why does the customer need this? (List the business requirements here)
Customer mentioned :
The local cloud provider has VMware powering their cloud, and they don’t provide admin access to vsphere. So went with UPI approach.
Given that the installation requires console access to vsphere (e.g connecting & disconnecting ISO ..etc), we schedule a meeting with them, where we instruct them what to do. However, they are limiting us to a 1 hour session, where we would have completed only the bootstap node then. Since the bootstrap node TLS certificates expire in one day, by the time we have a session with them the next day, the certificates would have been expire and we would have to start over, where we basically make no progress.
The limitation is in our arrangement and communication with the local cloud provider, but as a side effect we can’t complete the installation of openshift within a day.
Thus, the only feasible solution I see is to increase TLS certificates validity for bootstrap, so that we can complete the installation in the next days.

4. List any affected packages or components.

Additional Details : Customer is using VMware/vSphere UPI Disconnected cluster