The ocsp updater should have a new setting for validating the signature expiry, so that we can fail if it's not sufficiently far off into the future and potentially notice these problems via icinga.
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
update-ocsp: refactor validation, check cert life | operations/puppet | production | +96 -51 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | BBlack | T109740 ocsp updater: re-enable automatic updates | |||
Resolved | BBlack | T109738 ocsp updater: validate the signature expiry lifetime |
Event Timeline
Comment Actions
Change 232873 had a related patch set uploaded (by BBlack):
update-ocsp: refactor validation, check cert life