Since certificates will expire after some time and self renew automatically. We need some logic in place to remove and old certificates that are expired. If a certificate is not relevant any more then there is no need to keep the certificate or provided it during the TLS verification.
To this end we need a background task that will periodically check for expired certificates and just remove them. The CertManager in the keys domain is the likely place to implement this.
Specification
Since certificates will expire after some time and self renew automatically. We need some logic in place to remove and old certificates that are expired. If a certificate is not relevant any more then there is no need to keep the certificate or provided it during the TLS verification.
To this end we need a background task that will periodically check for expired certificates and just remove them. The
CertManager
in the keys domain is the likely place to implement this.Additional context
Related: ENG-390 #787
Tasks