Rmtak-api internal mTLS certs do expire before others.
What I expected
Successfully downloaded TAK client zips from RMUI.
What happened instead
UI returns errors on attempting to fetch TAK client zips.
Logs
From my memory,
rmnginx says 500 or 503 upon api call to fetch zips, and that's because of the cert handshake failure from rmapi to rmtakapi
Why?
Previously diagnosed but forgotten to write a bug report of, the reason for this is rmtakapi mTLS expirydate, vs. expirydate of other mTLS certs in the composition & the CA. The bug started happening after making it possible to move expirydate for other components' certificates by an env flag, so this is probably caused by the effect of that env flag not extending to rmtakapi aswell.
Workaround
Delete all certs from rmtakapi container, which will prompt it to enroll new ones from RMAPI
What
Rmtak-api internal mTLS certs do expire before others.
What I expected
Successfully downloaded TAK client zips from RMUI.
What happened instead
UI returns errors on attempting to fetch TAK client zips.
Logs
From my memory,
Why?
Previously diagnosed but forgotten to write a bug report of, the reason for this is rmtakapi mTLS expirydate, vs. expirydate of other mTLS certs in the composition & the CA. The bug started happening after making it possible to move expirydate for other components' certificates by an env flag, so this is probably caused by the effect of that env flag not extending to rmtakapi aswell.
Workaround