Rotating Certs Still Not Clear #1440
Replies: 1 comment
While continuing to troubleshoot, I can get the rotation working when NOT referencing the CA as a file within the config and instead pasting the output from both of the CA files inline like in the documentation example. However, it's stated that you can also append the CA as a file, which is where I'm having trouble.

Running a test on the config:

Nebula complains:

Which is why my original post in this thread shows my config as such:

Although testing the config passes, Nebula seems to only recognize the last

So for me the issue is referencing more than one CA file within the
Nebula Version: 1.9.6
I've been following the docs mentioned in #1292, but I get the following error when updating existing hosts' trust bundles from step 2 of the docs:
Config Portion on remote host With New CA Appended:
If I copy over the new ca_test.crt and then restart Nebula, it doesn't fail, but then hosts still on the original cert can't connect. Nebula logs show it trusting only the fingerprint from the newly appended CA with no reference to the original/still valid CA. In the documentation, the order isn't clear to me on how the rotation process should go, i.e., create new CA, update YOUR machine first, then copy new ca.crt to hosts and update their configs with appended CA, etc. I've tried multiple ways to rotate in a new cert but can't keep Nebula working while a config is referencing two different yet valid certs (one about to expire and the newly minted one). Thank you in advance.