Autocreate self-signed SSL certificates #2429
Labels
high impact
impacts the basic function, deployment, or operation of a CDN
new feature
A new feature, capability or behavior
Traffic Ops
related to Traffic Ops
Projects
Comments
mitchell852
added
Traffic Ops API (golang)
new feature
|
With the version of TR in the repo today, this can also cause TrafficRouter to also stop processing CRConfigs. |
|
TR not processing the CrConfig due to missing certificates has been in TR since 1.7 when we added HTTPS support. |
mitchell852
added
Traffic Ops
Closed
|
also, see #2159 to figure out if implementing Let's encrypt would nullify the need for this |
|
I don't think this is the way to solve this problem. We should be better with making changes more atomic. Therefore, I don't think this is something we will plan on fixing. |
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When creating a new Delivery service or modifying the type to support HTTPS, a default self-signed certificate should be created. This could be triggered by a miss when looking up the DS in riak. This specifically prevents situations where a CDN could be queued by a second user unaware of a DS change in flight. This is not prevented by DS Requests since you must fulfill the DS before you could create SSL certs. If this situation happens and ORT runs an update before SSL Keys are in place, a syncds will fail.
The text was updated successfully, but these errors were encountered: