rohityadavcloud commented on issue #9718: URL: https://github.com/apache/cloudstack/issues/9718#issuecomment-2478454546
Hi all, by default I think this should work. The ca.framework.cert.automatic.renewal needs to be enabled (true), and there's also ca.framework.cert.expiry.alert.period and ca.framework.background.task.delay.

For agents that have expired certs but are connected, it's not an issue, but such agents risk failing to join when restarted - for them an explicit API can be called:

```
(homecloud) 🐵 > provision certificate hostid= -h
provisionCertificate: Issues and propagates client certificate on a connected host/agent using configured CA plugin

This API is asynchronous.
Required params: hostid,

API Params  Type     Description
==========  ====     ===========
hostid      uuid     The host/agent uuid to which the certificate has to be provisioned (issued and propagated)
provider    string   Name of the CA service provider, otherwise the default configured provider plugin will be used
reconnect   boolean  Whether to attempt reconnection with host/agent after successful deployment of certificate. When option is not provided, configured global setting is used
```

However, VNC console to user's browser uses admin-uploaded certificate - when they expire, admin needs to upload new end-user TLS/SSL certs.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
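A way to find which agents need the explicit call described in the comment above, as an added example that is not part of the original comment or of CloudStack: it classifies each host certificate against an alert window and prints the `provision certificate` invocation for those inside it. The inventory format (`<host-uuid> <pem-path>` per line), the function names, and treating ca.framework.cert.expiry.alert.period as a number of days are assumptions.

```shell
#!/bin/sh
# Added example. Classify agent certificates against an alert window and
# list the hosts that need an explicit certificate provisioning call.
# Assumption: the alert period is expressed in days.

# cert_status <pem-file> <alert-days>
# Prints: unreadable | expired | expiring | ok (always returns 0)
cert_status() {
    cs_pem=$1
    cs_secs=$(( $2 * 86400 ))
    # Reject missing or unparsable files first, so they are not
    # mistaken for expired certificates by the checks below.
    if ! openssl x509 -in "$cs_pem" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero if the cert expires within N seconds.
    elif ! openssl x509 -in "$cs_pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cs_pem" -noout -checkend "$cs_secs" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# renewal_plan <alert-days> < inventory
# Inventory lines: "<host-uuid> <pem-path>" (hypothetical format).
# Output: "<status> provision certificate hostid=<uuid>" per host to act on.
renewal_plan() {
    rp_days=$1
    while read -r rp_uuid rp_pem; do
        [ -z "$rp_uuid" ] && continue
        rp_status=$(cert_status "$rp_pem" "$rp_days")
        case "$rp_status" in
            expired|expiring)
                echo "$rp_status provision certificate hostid=$rp_uuid" ;;
            unreadable)
                echo "cannot read certificate for host $rp_uuid: $rp_pem" >&2 ;;
        esac
    done
}
```

Feed it an inventory on stdin, for example `renewal_plan 15 < hosts.txt`, and run the printed commands in CloudMonkey for hosts reported as expired before restarting their agents.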