Verify certs expiring in December and create a plan

[meganhicks]

LHDI has notified Berni and Megan that VRO has certificates due for renewal in December. This ticket is to investigate which certificates need renewal and develop an efficient plan for handling this, considering the VRO decommissioning.

Tasks:

Identify which certificates need to be renewed. Make a recommendation to the team on how to proceed. Create tickets for any additional work required.

[brostk]

My limited understanding of the team's use of certs makes me think we'll need to verify the expiration on any of our certificates which are used by our apps (bgs-api and bip-api use the same one, bie-kafka I think uses its own; partner teams don't appear to use) and replace any which are set to expire soon, if that's our desired direction. No or little action may be necessary depending on the timeline of the decommissioning.

We can verify the expiration using either keytool -list -keystore keystore.p12 -v or openssl pkcs12 -in keystore.p12 -nodes | openssl x509 -noout -enddate in a pod terminal via Lens.

[meganhicks]

Gabriel said he is checking on this on a thread in slack with Berni and I.