fleet/changes/24878-renew-ndes
Victor Lyuboslavsky d0d65b6dec
NDES cert renewal (#28712)
For #24880 

This includes logic to gather the expiration date of managed NDES
certs and renewal of these certs. This PR includes some validation logic
(needed to not interfere with custom SCEP validation). The rest of
validation will be implemented as part of #24878.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-01 12:16:45 -05:00

1 line
565 B
Text

Fleet-managed NDES certificates will be renewed 30 days before expiry for those valid longer than 30 days, or when half the validity period remains for certificates valid 30 days or less. This only applies to certificates that were requested after this renewal feature was added. For hosts with NDES certificates requested prior to this renewal feature, updating the profile to contain the $FLEET_VAR_SCEP_RENEWAL_ID variable in the CN and then manually resending the profile will generate a new certificate, which will be automatically renewed before its next expiry.
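
The renewal rule in the change note above, worked through as an added example (this is not Fleet's own code). The names `RenewAt` and `RenewalDue` are hypothetical, and the sketch assumes a day is 24 hours and that validity is measured from the certificate's NotBefore to its NotAfter.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Assumption: a "day" is 24h and validity is NotAfter minus NotBefore.
const renewalWindow = 30 * 24 * time.Hour

// RenewAt returns when renewal becomes due under the rule in the change note.
func RenewAt(notBefore, notAfter time.Time) (time.Time, error) {
	validity := notAfter.Sub(notBefore)
	if validity <= 0 {
		return time.Time{}, errors.New("notAfter must be later than notBefore")
	}
	if validity > renewalWindow {
		return notAfter.Add(-renewalWindow), nil // long-lived: 30 days before expiry
	}
	return notAfter.Add(-validity / 2), nil // 30 days or less: half the validity left
}

// RenewalDue reports whether a certificate should already have been renewed at now.
func RenewalDue(now, notBefore, notAfter time.Time) (bool, error) {
	at, err := RenewAt(notBefore, notAfter)
	if err != nil {
		return false, err
	}
	return !now.Before(at), nil
}

func main() {
	issued := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample dates
	now := time.Date(2025, 1, 10, 0, 0, 0, 0, time.UTC)
	for _, days := range []int{365, 30, 14} {
		notAfter := issued.Add(time.Duration(days) * 24 * time.Hour)
		at, _ := RenewAt(issued, notAfter)
		due, _ := RenewalDue(now, issued, notAfter)
		fmt.Printf("%3d-day cert: renew at %s, due on %s: %v\n",
			days, at.Format("2006-01-02"), now.Format("2006-01-02"), due)
	}
}
```

A certificate valid for exactly 30 days falls under the half-validity branch, so a fleet audit that flags every certificate within 30 days of expiry would report short-lived certificates as overdue from the moment they are issued.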