Skip to content

Set testdata / example CA expiry to 20 years from issue date#4112

Merged
SuperQ merged 1 commit intoprometheus:mainfrom
dswarbrick:extend-certs
Dec 21, 2025
Merged

Set testdata / example CA expiry to 20 years from issue date#4112
SuperQ merged 1 commit intoprometheus:mainfrom
dswarbrick:extend-certs

Conversation

@dswarbrick
Copy link
Contributor

Also add human-readable x509 text format (as requested by @SuperQ in related PR prometheus/prometheus#14696)

Fixes: #3962

@dswarbrick
Copy link
Contributor Author

Incidentally, the expiry dates of the certs (both CA and server/client) seem to be a bit wild and inconsistent. The original CA had a lifetime of only 5 years, whilst the node{1,2}.pem certs had a 100 year lifetime (!). Usually the CA lifetime would be longer than host/node certs (although 100 years is a bit excessive).

It might be worth regenerating all the test / example certs with more sane lifetimes - and possibly consider bumping the key length to 4096 bits.

@dswarbrick dswarbrick requested a review from SuperQ August 14, 2025 20:26
@TheMeier
Copy link
Contributor

@dswarbrick Thank you for the contribution could you rebase that?

Also add human-readable x509 text format.

Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
@SuperQ SuperQ merged commit 129dc75 into prometheus:main Dec 21, 2025
7 checks passed
@dswarbrick dswarbrick deleted the extend-certs branch December 21, 2025 13:57
@SoloJacobs SoloJacobs mentioned this pull request Jan 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Test certificates expiring in <2y

3 participants