PKI signing server should support rebooting #145
s0rc3r3r01 changed the title from "cfssl server should support rebooting" to "PKI signing server should support rebooting" on Apr 21, 2017
Yes, we should definitely enable this as you outline above. PR most welcome.
Something like this should do the trick: bbc4251. I'll merge to master if testing checks out.
The issue with that is that if you destroy the machine and recreate it, it will recreate the certs. I have another solution that I still have to test completely. I've created a PR to review: #147. I still have to test it carefully...
Hello,
I've seen the changes that were recently done with the introduction of the PKI module.
This is a very good improvement.
However, I was recently thinking: what will happen if the PKI server reboots or crashes?
It will be restarted and it will create a new CA, store it in S3 and start signing certificates with this one? Is this really what we want?
I think that the cloudinit should check if the file exists on S3 before, and if it is there, download it and start serving with this one; if it is not there, just create it.
I'm happy to do the changes and create a PR myself if we agree this is indeed an issue and this is the way it should be tackled.
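The check-before-create behaviour proposed in this issue, sketched as an added example (it is not the project's code and not the content of bbc4251 or #147). The bucket name, key prefix, file names and `/etc/cfssl` paths are assumptions; the sketch also goes one step beyond the proposal by refusing to mint a new CA when the bucket cannot be queried or holds only half of the key pair.

```shell
#!/bin/sh
# Added example: restore the CA from S3 at boot, create it only if it was never stored.
# BUCKET, PREFIX, CA_DIR and the file names are assumptions, not the project's values.
BUCKET="${BUCKET:-example-pki-bucket}"
PREFIX="${PREFIX:-pki}"
CA_DIR="${CA_DIR:-/etc/cfssl}"

# Prints the number of objects under the key (prefix match); a non-zero exit
# means the bucket could not be queried, which is not the same as "absent".
ca_count() {
  aws s3api list-objects-v2 --bucket "$BUCKET" --prefix "$PREFIX/$1" \
    --query KeyCount --output text
}
ca_fetch()   { aws s3 cp "s3://$BUCKET/$PREFIX/$1" "$CA_DIR/$1"; }
ca_publish() { aws s3 cp "$CA_DIR/$1" "s3://$BUCKET/$PREFIX/$1" --sse AES256; }
ca_generate() {
  # Expects a CSR definition at $CA_DIR/ca-csr.json (assumed path).
  (cd "$CA_DIR" && cfssl gencert -initca ca-csr.json | cfssljson -bare ca)
}

# Sets CA_ACTION to "restored" or "created". Returns non-zero, without writing
# to the bucket, when the stored state is unknown or inconsistent.
ensure_ca() {
  umask 077                       # private key must not be group/world readable
  mkdir -p "$CA_DIR" || return 1
  cert=$(ca_count ca.pem)     || { echo "cannot query bucket, not creating a CA" >&2; return 1; }
  key=$(ca_count ca-key.pem)  || { echo "cannot query bucket, not creating a CA" >&2; return 1; }
  if [ "$cert" -ge 1 ] && [ "$key" -ge 1 ]; then
    ca_fetch ca.pem && ca_fetch ca-key.pem || return 1
    CA_ACTION=restored
  elif [ "$cert" -eq 0 ] && [ "$key" -eq 0 ]; then
    ca_generate || return 1
    # Publish the key first so the bucket never holds a cert without its key.
    ca_publish ca-key.pem && ca_publish ca.pem || return 1
    CA_ACTION=created
  else
    echo "only one of ca.pem / ca-key.pem is stored, refusing to overwrite" >&2
    return 1
  fi
}
```

Call `ensure_ca` from the boot script before the signing server starts, and treat a non-zero return as a reason not to start it.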