Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
None
Description
Michael Gettes 12 hours ago
now, something to think about for the future??? maybe build into the grouper startup config the ability to use ACME to obtain certs? I hope it's obvious as to how this could make TLS config easier for a variety of scenarios. Something to consider, maybe?
Michael Gettes 12 hours ago
i can appreciate the complexity of ACME for a running environment of grouper so maybe just use ACME on startup and a periodic restart of Grouper (which has other challenges to quiesce if daemon is used - previously discussed and still desirable) and then regular updates of certs is solved.
Chris Hubing 11 hours ago
hehe, need to talk to paul about acme… we are using that in the CSP workbrench stuff to grab a real cert in the startup process of things being kicked off in an auto-scaling group.
Michael Gettes 11 hours ago
the "hehe". this means "good" or it's problematic? any excuse to speak with Paul is a good thing.
Chris Hubing 11 hours ago
no, it’s awesome and works.
Michael Gettes 11 hours ago
YAY!