New CA or renew existing CA; what can I do?
RiemaruKarurosu opened this issue
Riemaru Karurosu commented
What version of nebula are you using?
1.7.2
What operating system are you using?
Linux and Windows
Describe the Bug
My CA expires next month, and I have almost 100 hosts that depend on this service.
What do I have to do? Create a new CA or renew the CA (in some way that I don't know)?
Will all my hosts disconnect and stop working when the CA expires next month, or could they work after a certain period?
Hope you can help me with this issue.
Thanks
Logs from affected hosts
No response
Config files from affected hosts
No response
John Maguire commented
Hi @RiemaruKarurosu -
As Benjamin and Brad mentioned on Slack:
- Generate a new Certificate Authority, add it to the trust bundle of all your hosts and send a `SIGHUP` to each host in order to reload its config.
- Issue certs for each host using the new CA. Update the `pki.cert` and `pki.key` on each host with the new cert info, and send another `SIGHUP`.
- Finally, once all hosts have been moved to the new CA, remove the original CA from the trust bundle, and send a final `SIGHUP`.
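The ordering of the three steps above can be gated against a host inventory before each change is rolled out. This is an added example, not code from the comment or from the Nebula project; the host names, the `old-ca`/`new-ca` labels standing in for CA fingerprints, and the inventories are constructed.

```python
from dataclasses import dataclass
from itertools import combinations

OLD, NEW = "old-ca", "new-ca"  # constructed stand-ins for CA fingerprints

@dataclass(frozen=True)
class Host:
    name: str
    trusted: frozenset  # CAs present in this host's trust bundle
    issuer: str         # CA that signed this host's pki.cert

def broken_pairs(hosts):
    """Pairs that cannot authenticate: each side must trust the other's issuer."""
    return [(a.name, b.name) for a, b in combinations(hosts, 2)
            if a.issuer not in b.trusted or b.issuer not in a.trusted]

def next_step(hosts, old=OLD, new=NEW):
    """Return (step, hosts still pending that step); step 0 means rotation is done."""
    checks = [
        (1, lambda h: new not in h.trusted),  # step 1: add the new CA to the bundle
        (2, lambda h: h.issuer != new),       # step 2: reissue pki.cert/pki.key
        (3, lambda h: old in h.trusted),      # step 3: remove the old CA
    ]
    for step, pending in checks:
        names = [h.name for h in hosts if pending(h)]
        if names:
            return step, names
    return 0, []

def fleet(*rows):
    return [Host(name, frozenset(trusted), issuer) for name, trusted, issuer in rows]

# Constructed inventories: (host, trust bundle, issuer of the host cert)
BOTH = {OLD, NEW}
MID_STEP1 = fleet(("lighthouse", BOTH, OLD), ("web1", BOTH, OLD), ("db1", {OLD}, OLD))
# web1 was reissued before db1 received the new CA: step 2 started too early
SKIPPED_AHEAD = fleet(("lighthouse", BOTH, OLD), ("web1", BOTH, NEW), ("db1", {OLD}, OLD))
MID_STEP2 = fleet(("lighthouse", BOTH, NEW), ("web1", BOTH, NEW), ("db1", BOTH, OLD))
# lighthouse dropped the old CA while db1 still presents a cert signed by it
EARLY_REMOVE = fleet(("lighthouse", {NEW}, NEW), ("web1", BOTH, NEW), ("db1", BOTH, OLD))
DONE = fleet(("lighthouse", {NEW}, NEW), ("web1", {NEW}, NEW), ("db1", {NEW}, NEW))

if __name__ == "__main__":
    for label, hosts in [("mid step 1", MID_STEP1), ("skipped ahead", SKIPPED_AHEAD),
                         ("mid step 2", MID_STEP2), ("early remove", EARLY_REMOVE),
                         ("done", DONE)]:
        print(f"{label}: next={next_step(hosts)} broken={broken_pairs(hosts)}")
```

A non-empty `broken_pairs` result means a step was started before the previous one finished on every host.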