Re: [lxc-users] lxc exec / list: x509: certificate has expired or is not yet valid

Tomasz Chmielewski Thu, 02 Jun 2016 06:17:38 -0700

On 2016-06-02 21:09, Tomasz Chmielewski wrote:

Not sure what's the procedure for this one:


# lxc list
error: Get https://10.0.0.1:8443/1.0/containers?recursion=1: x509:
certificate has expired or is not yet valid

Apparently LXD sets up a certificate with 1 year validity wheninstalled, but provides no mechanism to automatically update it. And canbe a big surprise after a year :|


Also, don't see the CSR file there?

So... what is the correct procedure to update the certificate on LXDserver and make sure it's still accepted by LXD clients?



# ls /var/lib/lxd/server.* -l
-rw-r--r-- 1 root root 1834 Jun  3  2015 /var/lib/lxd/server.crt
-rw------- 1 root root 3247 Jun  3  2015 /var/lib/lxd/server.key


# openssl x509 -text -noout -in server.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:f0:eb:8c:3f:76:f0:db:21:01:5d:34:1c:cd:f0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=linuxcontainer.org
        Validity
            Not Before: Jun  3 06:33:15 2015 GMT
            Not After : Jun  2 06:33:15 2016 GMT
        Subject: O=linuxcontainer.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
(...)


Tomasz Chmielewski
http://wpkg.org
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc exec / list: x509: certificate has expired or is not yet valid

Reply via email to