Skip to content

feat: Retire CA certificates #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Oct 28, 2025
Merged

feat: Retire CA certificates #650

merged 11 commits into from
Oct 28, 2025

Conversation

@siegfriedweber
Copy link
Member

@siegfriedweber siegfriedweber commented Oct 23, 2025
edited
Loading

Description

  • CA certificates are retired one hour (configurable via autoTls.ca.caCertificateRetirementDuration) before they expire.
  • BREAKING: Expired and retired CA certificates are no longer published in Volumes and TrustStores.

Closes #625

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added
  • Links to generated (nightly) docs added
  • Release note snippet added
  • Add type/deprecation label & add to the deprecation schedule
  • Add type/experimental label & add to the experimental features tracker

@siegfriedweber siegfriedweber requested a review from a team October 23, 2025 09:34
@siegfriedweber siegfriedweber self-assigned this Oct 23, 2025
@siegfriedweber siegfriedweber moved this to Development: Waiting for Review in Stackable Engineering Oct 23, 2025
Techassi
Techassi reviewed Oct 23, 2025
View reviewed changes
Copy link
Member

@Techassi Techassi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rust code mostly looks good to me. I left a few comments, questions, and suggestions.

@Techassi Techassi moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Oct 23, 2025
@siegfriedweber siegfriedweber added this pull request to the merge queue Oct 28, 2025
Merged via the queue into main with commit 5ce8bea Oct 28, 2025
17 checks passed
@siegfriedweber siegfriedweber deleted the feat/retire-ca-certs branch October 28, 2025 12:16
@siegfriedweber siegfriedweber mentioned this pull request Oct 28, 2025
Closed
@siegfriedweber siegfriedweber moved this from Development: In Review to Development: Done in Stackable Engineering Oct 28, 2025
This was referenced Oct 28, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Techassi Techassi Techassi approved these changes

Assignees

@siegfriedweber siegfriedweber

Labels

None yet

Projects

Stackable Engineering
Status: Development: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Do not publish retired (or expired) CA certificates

3 participants

@siegfriedweber @Techassi