canonical / charm-openstack-service-checks

Collection of Nagios checks and other utilities that can be used to verify the operation of an OpenStack cluster

Allow configuring MAXIMUM_VALIDITY/IGNORE_MAXIMUM_VALIDITY for check_ssl_cert_options #152

Closed sudeephb closed 6 months ago

sudeephb commented 6 months ago

This is another instance of false(?) CRITICAL errors raised by check_ssl_cert, which is pretty similar to LP bugs #2008190 and #1996123. The default configuration of check_ssl_cert enforces a maximum validity period of 397 days for all certificates, and this causes CRITICAL errors to be raised, which makes the users uncomfortable:

SSL_CERT CRITICAL example.com: The certificate cannot be valid for more than 397 days (1080)|days_chain_elem1=271;270;269;; days_chain_elem2=271;270;269;; days_chain_elem3=2544;270;269;; days_chain_elem4=4709;270;269;;

We could add another boolean flag for enabling/disabling this check, and/or for altering the MAXIMUM_VALIDITY, but this will cause unnecessary clutter in the charm config options given that check_ssl_cert has a long list of options, and there may be future instances of false alerts related to check_ssl_cert's defaults.

So, my suggestion would be to add a check-ssl-cert-extra-options charm option that allows any combination of check_ssl_cert flags to be specified.


Imported from Launchpad using lp2gh.
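
A free-form option string like the proposed check-ssl-cert-extra-options ends up on a command line that NRPE hands to a shell, so it is worth tokenizing and validating it before rendering. The sketch below is an added example, not code from this charm: `parse_extra_options`, `render_command` and the allow-list are hypothetical, and the allow-list is narrowed to the two flags named in the issue title.

```python
import re
import shlex

# Flags named in the issue title, mapped to whether they take a value.
# Assumption: a real charm might permit a longer list.
ALLOWED_FLAGS = {
    "--maximum-validity": True,          # followed by a number of days
    "--ignore-maximum-validity": False,  # boolean switch
}


def parse_extra_options(raw):
    """Tokenize and validate a check-ssl-cert-extra-options string.

    Returns the argv tokens, or raises ValueError on anything unexpected.
    """
    try:
        tokens = shlex.split(raw)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise ValueError(f"unparseable options: {exc}") from exc
    out, i = [], 0
    while i < len(tokens):
        flag = tokens[i]
        if flag not in ALLOWED_FLAGS:
            raise ValueError(f"flag not allowed: {flag!r}")
        out.append(flag)
        i += 1
        if ALLOWED_FLAGS[flag]:
            # The value must be plain ASCII digits, so "1100;" is rejected.
            if i >= len(tokens) or not re.fullmatch(r"[0-9]+", tokens[i]):
                raise ValueError(f"{flag} needs a number of days")
            out.append(tokens[i])
            i += 1
    return out


def render_command(host, extra):
    """Build a shell-safe command line; every token is quoted."""
    args = ["check_ssl_cert", "-H", host] + parse_extra_options(extra)
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    print(render_command("example.com", "--maximum-validity 1100"))
```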