I’ve been busy with openBalena for a while and this time I have a question about the certificates of openBalena.
When creating an openBalena instance using
./scripts/quickstart, some certificates are being generated. These are used in the following environment variables (afaik):
OPENBALENA_ROOT_CA OPENBALENA_ROOT_CRT OPENBALENA_ROOT_KEY OPENBALENA_VPN_CA OPENBALENA_VPN_CA_CHAIN OPENBALENA_VPN_SERVER_CRT OPENBALENA_VPN_SERVER_KEY OPENBALENA_VPN_SERVER_DH
I have limited knowledge about certificates and I’d like to know more about the openBalena certificates. I’ve only worked with SSL certificates for HTTPS connections. Now, I know that openBalena uses HTTPS, and I use Let’s Encrypt for the HTTPS endpoints instead of the generated certificates, so I don’t get any errors while trying to connect. However, the VPN endpoint and VPN certificates don’t use Let’s Encrypt, because these are other certificates.
As far as I know, certificates have an expiry date. Let’s Encrypt uses 90 days by default and other SSL providers use 1 year. But what’s the expiry date on the openBalena certificates, like the VPN? And if they expire, what happens next? And is there a way to create new certificates for devices or something?
I’m asking this because I don’t want to know about the expiry after they’ve expired .
Thanks in advance!