issue internal CA for 20 years

Currently our internal CA is always issued for 10 years during the initial engine-setup. This carries over upgrades and on old enough installations we can get close to expiration. We don't have an easy way how to replace internal CA without complete downtime, and running over the expiration date leads to a complete cease of communication between all oVirt components. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=2079799
oVirt · May 4, 2022 · 35b0719 · 35b0719
1 parent ef5c2e4
commit 35b0719
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packaging/bin/pki-create-ca.sh b/packaging/bin/pki-create-ca.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-CA_DAYS="3650"
+CA_DAYS="7300"
 KEYTOOL="${JAVA_HOME:-/usr}/bin/keytool"
 
 clean_pki_dir() {