Skip to content

[Backport 2.x] Regenerates root-ca, kirk and esnode certificates to address already expired root ca certificate #4066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 22, 2024
Merged

[Backport 2.x] Regenerates root-ca, kirk and esnode certificates to address already expired root ca certificate #4066

merged 1 commit into from
Feb 22, 2024

Conversation

@opensearch-trigger-bot
Copy link
Contributor

@opensearch-trigger-bot opensearch-trigger-bot bot commented Feb 22, 2024

Backport 9a6a018 from #4061.

@github-actions
Regenerates root-ca, kirk and esnode certificates to address already …
3631c5a 
…expired root ca certificate (#4061)

### Description

During the last renewal of certs
#3268, the option
`-days 3650` was missed for root-ca.pem cert causing it to set the
default expiry of 30 days. This PR regenerates the public cert
root-ca.pem, using the same private-key, and it also regenerate public
certs `es-node.pem` and `kirk.pem` so that they can be verified with
this new certificate.
* Category : Bug fix
* Why these changes are required?
    - To ensure the expiry is in 10 years from now
* What is the old behavior before changes and new behavior after
changes?
- root-ca is currently expired, and this change will set expiry to 2034

### Issues Resolved
- Resolves #4047

### Testing
- Automated testing + [Manual
Testing](#4061 (comment))

---------

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
(cherry picked from commit 9a6a018)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@codecov
Copy link

codecov bot commented Feb 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (865ae80) 65.70% compared to head (3631c5a) 65.73%.
Report is 1 commits behind head on 2.x.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##              2.x    #4066      +/-   ##
==========================================
+ Coverage   65.70%   65.73%   +0.02%     
==========================================
  Files         297      297              
  Lines       21094    21097       +3     
  Branches     3453     3453              
==========================================
+ Hits        13860    13868       +8     
+ Misses       5508     5502       -6     
- Partials     1726     1727       +1
Files Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java 84.64% <100.00%> (+0.06%) ⬆️
...search/security/tools/democonfig/Certificates.java 100.00% <ø> (ø)

... and 3 files with indirect coverage changes

@DarshitChanpura DarshitChanpura merged commit e3f49c3 into 2.x Feb 22, 2024
@DarshitChanpura DarshitChanpura deleted the backport/backport-4061-to-2.x branch February 22, 2024 16:50
@stephen-crawford stephen-crawford added the v2.13.0 Issues targeting release v2.13.0 label Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DarshitChanpura DarshitChanpura DarshitChanpura approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees

No one assigned

Labels

v2.13.0 Issues targeting release v2.13.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DarshitChanpura @stephen-crawford