You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default certificates that are created for postgres client/server connections that are stored in central-db-tls have a 1 year expiration. The banners that typically warn of central or scanner certification expiration upcoming, do not exist for the similarly important central-db certificates used by postgres.
When this happens, with the default postgres settings of sslmode=verify-full central will then fail to start and will be inaccessible via both UX and API.
This happens with StackRox 4.4.0 (and presumably >= 4.0)
The text was updated successfully, but these errors were encountered:
danekantner
changed the title
Create CredentialExpiryBanner banner / warnings for certificate expiration of central-db-tls certificates
Create CredentialExpiryBanner warnings for certificate expiration of central-db-tls certificates
May 7, 2024
We're internally tracking this as ROX-24072.
While I can't comment on timelines, I double checked that this issue is linked in the ticket, so the according team updates here as soon as they have implemented a solution!
The default certificates that are created for postgres client/server connections that are stored in
central-db-tls
have a 1 year expiration. The banners that typically warn ofcentral
orscanner
certification expiration upcoming, do not exist for the similarly importantcentral-db
certificates used by postgres.When this happens, with the default postgres settings of
sslmode=verify-full
central will then fail to start and will be inaccessible via both UX and API.This happens with StackRox 4.4.0 (and presumably >= 4.0)
The text was updated successfully, but these errors were encountered: