Greetings.
Our current crl.pem for fedmsg (cert revocation list) expires on monday.
I'd like to regenerate it with a expire time out 6 months and push it out to all hosts that use fedmsg, hopefully asap.
So, this is:
* Generate new crl.pem for fedmsg in ansible-private. * Run proxy playbooks with -t fedmsg/proxy to copy the new crl.pem to https://fedoraproject.org/fedmsg/crl.pem * fedmsg using services should download it and use it.
+1s?
kevin
+1, though I thought we'd set fedmsg CRL as "content", meaning it wouldn't fall under freeze.
On Sat, Mar 17, 2018 at 12:02:40PM -0700, Kevin Fenzi wrote:
Greetings.
Our current crl.pem for fedmsg (cert revocation list) expires on monday.
I'd like to regenerate it with a expire time out 6 months and push it out to all hosts that use fedmsg, hopefully asap.
So, this is:
- Generate new crl.pem for fedmsg in ansible-private.
- Run proxy playbooks with -t fedmsg/proxy to copy the new crl.pem to
https://fedoraproject.org/fedmsg/crl.pem
- fedmsg using services should download it and use it.
+1 for me Note that may impact services running newer fedmsg where it is defined as a path and not an url.
Pierre
infrastructure@lists.fedoraproject.org