From f5ff11a9dc503446913c82814097fba6d395de6c Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Mon, 15 May 2017 09:33:39 +0900 Subject: instructions on renewing root cert --- doc/quickstart/xenial-ca.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/quickstart/xenial-ca.md b/doc/quickstart/xenial-ca.md index d1975def..4a4c542b 100644 --- a/doc/quickstart/xenial-ca.md +++ b/doc/quickstart/xenial-ca.md @@ -474,3 +474,17 @@ There are other tools which will let you examine the ASN.1 if you have some reason to do so, but in this case it's not all that interesting, any valid RPKI root key will have identical values for all but one field of the ASN.1, and that field is a 2048-bit hexadecimal integer. + +## Renewing the Root Certificate + +By default, the root certificate has a one year expiration. The +software does not refresh the copy on disk automatically. Therefore it +would be good to put in a cron job something such as the following: + +``` +$ rpkic extract_root_certificate --output_file /usr/share/rpki/tal/root.cer +``` + +Note that the directory and filename will likely need to be adjusted for +your configuration. What does the TAL you publish say the filename and +location are? -- cgit v1.2.3 From 76d17bbaeea65ed62cc35bc3307ff6849e543db4 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 17 May 2017 00:21:02 -0400 Subject: rpkic delete_identity was triggering an obscure Django exception in rpkid. --- rpki/rpkidb/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py index d5264dad..7fdb7353 100644 --- a/rpki/rpkidb/models.py +++ b/rpki/rpkidb/models.py @@ -714,7 +714,7 @@ class Parent(models.Model): trace_call_chain() yield self.serve_revoke_forgotten(rpkid = rpkid) yield [ca.destroy(rpkid = rpkid, parent = self) - for ca in self.cas().all()] + for ca in self.cas.all()] if delete_parent: self.delete() -- cgit v1.2.3
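Review bot: The corrected `self.cas.all()` comprehension runs after `yield self.serve_revoke_forgotten(rpkid = rpkid)`, so before this fix the exception would apparently have fired once the revoke step had already been yielded, leaving the CAs undestroyed and `self.delete()` unreached. It is worth confirming that re-running delete_identity on an identity left in that half-torn-down state now completes cleanly, and adding a regression test that exercises this path. A short comment on the comprehension, such as `# cas is presumably a Django related manager: an attribute, not a method`, would help keep the call form from creeping back. The same `()` mistake may exist on other reverse-relation accesses in models.py, which this hunk does not show. The enclosing method starts and ends outside the hunk.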