Feature Request
Resolution: Unresolved
Major
openshift-4.14.z, openshift-4.15.z, openshift-4.16.z, openshift-4.17.z
Description of problem:
Customer uses cert-manager to manage all our certificates in an automated way on OpenShift. On each OpenShift cluster, Customer has a ClusterIssuer of type CA allowed to issue certificates trusted by our corporate CA. The issue is that when this platform CA itself gets renewed, none of the Certificates issued via the CA receive the updated CA cert, so once it expires all of the services using it fail to connect, as the trust chain in the leaf certificate is not valid anymore, even if the leaf certificate itself is still valid. This is quite a critical issue/limitation that could have a huge impact on services of an OpenShift cluster using cert-manager. The issue is reproducible with the open-source version or with cert-manager coming from the Red Hat operator (currently version 1.10.2). Could you consider providing a solution to this now that cert-manager is a product that is part of the OpenShift ecosystem?
Version-Release number of selected component (if applicable):
cert-manager coming from the Red Hat operator (currently version 1.10.2)
How reproducible:
Steps to Reproduce:
A similar issue is already raised upstream on GitHub https://github.com/cert-manager/cert-manager/issues/5851 with an associated reproducer
Actual results:
The cert is not updating automatically.
Expected results:
The cert provided by cert-manager should be updated automatically.
Additional info:
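
A read-only check for the condition described in this report, added here as an example (not code from the reporter, cert-manager or Red Hat): it lists cert-manager Secrets whose `ca.crt` no longer matches the issuer CA's current certificate. The issuer name `corp-ca`, the CA Secret `cert-manager/root-ca`, the namespaces and the placeholder PEM bodies are constructed; the input has the shape of `oc get secrets -A -o json`.

```python
import base64
import hashlib
import ssl

ISSUER_NAME = "cert-manager.io/issuer-name"   # annotations cert-manager sets on issued Secrets
ISSUER_KIND = "cert-manager.io/issuer-kind"
END = "-----END CERTIFICATE-----"

def fingerprint(b64_pem):
    """SHA-256 over the DER bytes of the first certificate in a base64 Secret value."""
    pem = base64.b64decode(b64_pem).decode()
    first = pem.split(END)[0].strip() + "\n" + END
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def stale_ca_secrets(secret_list, issuer_name, ca_secret=("cert-manager", "root-ca")):
    """Return 'namespace/name' of Secrets from this ClusterIssuer with an outdated ca.crt."""
    items = secret_list["items"]
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in items}
    current = fingerprint(by_key[ca_secret]["data"]["tls.crt"])  # issuer CA as it is now
    stale = []
    for s in items:
        ann = s["metadata"].get("annotations") or {}
        if ann.get(ISSUER_KIND) != "ClusterIssuer" or ann.get(ISSUER_NAME) != issuer_name:
            continue  # not issued by the issuer under inspection
        ca = s.get("data", {}).get("ca.crt")
        if not ca or fingerprint(ca) != current:
            stale.append(f'{s["metadata"]["namespace"]}/{s["metadata"]["name"]}')
    return sorted(stale)

# Constructed sample data: placeholder PEM bodies, not real X.509 certificates.
def _pem(tag):
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.b64encode(tag * 8).decode()
            + "\n" + END + "\n")

def _secret(ns, name, data, issuer=None):
    ann = {ISSUER_NAME: issuer, ISSUER_KIND: "ClusterIssuer"} if issuer else {}
    return {"metadata": {"namespace": ns, "name": name, "annotations": ann},
            "data": {k: base64.b64encode(v.encode()).decode() for k, v in data.items()}}

SAMPLE = {"items": [
    _secret("cert-manager", "root-ca", {"tls.crt": _pem(b"new-ca")}),  # CA already renewed
    _secret("shop", "api-tls", {"tls.crt": _pem(b"leaf1"), "ca.crt": _pem(b"old-ca")}, "corp-ca"),
    _secret("shop", "web-tls", {"tls.crt": _pem(b"leaf2"), "ca.crt": _pem(b"new-ca")}, "corp-ca"),
    _secret("pay", "db-tls", {"tls.crt": _pem(b"leaf3"), "ca.crt": _pem(b"old-ca")}, "other-ca"),
]}

if __name__ == "__main__":
    print(stale_ca_secrets(SAMPLE, "corp-ca"))
```

Against a live cluster, pass the parsed JSON of the Secret list instead of `SAMPLE` and set `ca_secret` to the Secret the ClusterIssuer's `spec.ca.secretName` points to.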