rawlinp commented on a change in pull request #3436: Traffic router add https URL: https://github.com/apache/trafficcontrol/pull/3436#discussion_r310206825
########## File path: traffic_router/core/src/main/scripts/postinstall.sh ########## @@ -27,6 +28,17 @@ if [ -f /opt/traffic_router/conf/*.crt ]; then fi +echo -e " +cd /opt/traffic_router/conf + +keytool=\$(dirname \$(readlink -f \$(which java)))/keytool + +if [ ! -f /opt/traffic_router/conf/keyStore.jks ]; then \n + \$keytool -genkeypair -v -alias \$(hostname -f) -dname \"CN=\$(hostname -f), OU=APIDefault, O=Apache Traffic Control, L=Denver, ST=Colorado, C=US\" -keystore \$(pwd)/keyStore.jks -storepass changeit -keyalg RSA -ext KeyUsage=\"digitalSignature,keyEncipherment,keyCertSign\" -ext BasicConstraints:\"critical=ca:true\" -storetype JKS + \$keytool -exportcert -v -alias \$(hostname -f) -file \$(hostname -f).crt -keypass changeit -storepass changeit -keystore \$(pwd)/keyStore.jks -rfc

Review comment: I had another thought when looking at the cert this generates. It appears by default a cert is only valid for about 90 days? Will that cause problems if TR isn't restarted within 90 days? Are we able to make it something crazy like 10 years if we want?

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]

With regards, Apache Git Services
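Review bot: The `-genkeypair` and `-exportcert` lines hardcode the keystore password as `-storepass changeit` / `-keypass changeit`, and the generated certificate is marked `BasicConstraints:"critical=ca:true"` with `keyCertSign`. Together that puts a CA-capable private key behind a well-known default password in /opt/traffic_router/conf/keyStore.jks. Suggest taking the password from configuration or generating it at install time, tightening the file permissions on keyStore.jks after creation, and dropping `ca:true` and `keyCertSign` unless this certificate is actually meant to sign others. The `-genkeypair` call also passes neither `-validity` nor `-keysize`, so keytool's defaults apply (validity defaults to 90 days); setting both explicitly would make the lifetime and key strength a deliberate choice and settle the expiry question raised above.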
