Dear all,
I don't know if this is dependent on the version of FreeIPA or Red Hat IdM but we were facing the issue that with
certificate/README.md (lines 381 to 391 in dd1fa0c):

```yaml
---
- hosts: webserver

  vars:
    certificate_requests:
      - name: mycert
        dns: www.example.com
        principal: HTTP/www.example.com@EXAMPLE.COM
        ca: ipa

  roles:
    - linux-system-roles.certificate
```

certificates were renewed every time the role ran. We found out that `key_size` needs to be set to prevent that. After we set this, the certificates only get renewed when they are, for whatever reason, no longer valid or some properties changed.

Since I'm not sure whether that is dependent on the version of FreeIPA, I'm not sure if the README needs adjustment or just a note that setting `key_size` might be required. Extending the test cases may also be useful.

Kind regards,
Simon