Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: wrong certificates validity duration #517

Merged
merged 1 commit into from
Sep 5, 2024
Merged

fix: wrong certificates validity duration #517

merged 1 commit into from
Sep 5, 2024

Conversation

jvanz
Copy link
Member

@jvanz jvanz commented Sep 4, 2024
edited
Loading

Description

The validity duration for the root CA and other certificate generated in the webhooks.yaml are inverted. In the current code, the root CA expiration is less than the certificate used by the controller, which is signed by the root CA. However, the root CA validity should be 10 years (3650 days) and the certificate used by the controller webserver should be 1 year (365 days). This commit fixes the issue by inverting the validity duration in both certificates.

Related to kubewarden/kubewarden-controller#7

@jvanz
fix: wrong certificates validity duration
5daf995 
The validity duration for the root CA and other certificate generated in
the webhooks.yaml are inverted. In the current code, the root CA
expiration is less than the certificate used by the controller, which is
signed by the root CA. However, the root CA validity should be 10 years
(3650 days) and the certificate used by the controller webserver should
be 1 year (365 days). This commit fixes the issue by inverting the
validity duration in both certificates.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
@jvanz jvanz self-assigned this Sep 4, 2024
@jvanz jvanz requested a review from a team as a code owner September 4, 2024 17:18
fabriziosestito
fabriziosestito approved these changes Sep 4, 2024
View reviewed changes
Copy link
Contributor

@fabriziosestito fabriziosestito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this, good catch!

@flavio flavio merged commit 4cbc72c into kubewarden:main Sep 5, 2024
3 checks passed
@jvanz jvanz deleted the fix-cert-expiration branch October 31, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabriziosestito fabriziosestito fabriziosestito approved these changes

Assignees

@jvanz jvanz

Labels
None yet
Projects
Kubewarden
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jvanz @fabriziosestito @flavio