#1040 Automate host IPA TLS certs retrieval/deployment
Closed: Fixed 22 days ago by arrfab. Opened a month ago by arrfab.

We have some TLS certs that are signed by Fedora IPA infra (dogtag).
These certs are generated at the IPA side with a validity of 2 years by default.
While properly enrolled nodes can retrieve that automatically through dogtag, remote systems (like in the CentOS Infra) can't.
So we should have:
- Zabbix monitoring point for TLS cert validity (from host perspective)
- automation in place to retrieve renewed TLS certs
- let Ansible redeploy new TLS certs (already there, just need the renewed .crt files)


Metadata Update from @arrfab:
- Issue assigned to arrfab

a month ago

Metadata Update from @arrfab:
- Issue tagged with: authentication, cbs, centos-build-pipeline, centos-common-infra, high-gain, medium-trouble

a month ago

We have documented the simple process (including a bash wrapper/helper script in the git repo), and we have also updated with Ansible some TLS certs that were due for renewal (like on the cbs infra).

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

22 days ago
