Increase Galera self-signed SSL CA expiration
Currently we generate the CA certificate with default expiration time (30 days), while both CSR and signed certificates are set to expire in 3650 days. If a Galera service is restarted after 30 days, replication breaks due to expired CA certificate. Increasing the CA certificate expiration to 3650 days resolves the issue and makes expiration consistent between the certificates. Change-Id: Ibf5ca5c0504b681b8c6d8c3aae44b2039bd47ece
This commit is contained in:
parent
4b3df86bab
commit
30bdc809bb
|
@ -30,6 +30,7 @@
|
|||
command: >
|
||||
openssl req -new -nodes -x509 -subj
|
||||
"{{ galera_ssl_ca_self_signed_subject }}"
|
||||
-days 3650
|
||||
-keyout {{ galera_ssl_key | dirname }}/galera-ca.key
|
||||
-out {{ galera_ssl_ca_cert }}
|
||||
creates={{ galera_ssl_ca_cert }}
|
||||
|
|
Loading…
Reference in New Issue