You can use the content of this repository to leverage the Open Policy Agent (https://www.openpolicyagent.org/) for cloud foundry environments. If offers runtime support to make calls to the open policy server from a CF application and support to manage and distribute Open Policy Agent bundles.
Apache License 2.0
5
stars
6
forks
source link
Check identity cert validity before DCL upload #42
Check the expiry date of the identity certificate before the DCL upload. It is used to establish a mTLS connection to the ams-server.
For bindings created with X509_GENERATED the cert is only valid 30 days.
Trying to use an expired cert might cause errors which the consumer does not understand at first glance: TLS handshake failed
At least an information should be printed which certificate is implicitly used to establish the mTLS connection and what has to be renewed.
jkbschmid
commented
2 years ago
Check the expiry date of the identity certificate before the DCL upload. It is used to establish a mTLS connection to the ams-server.
For bindings created with
X509_GENERATEDthe cert is only valid 30 days. Trying to use an expired cert might cause errors which the consumer does not understand at first glance:TLS handshake failedAt least an information should be printed which certificate is implicitly used to establish the mTLS connection and what has to be renewed.