1 Answer
0
Hi. The certificate is a convenient vehicle for the client to verify [using standard SSL tools] that it is talking to its own cluster, before sending across login credentials. There is no mechanism to rotate the cluster certificate, as the HSM has no notion of a root CA or chain of trust. The customer CA key pair IS that root of trust from the cluster's point of view. Therefore, there is no significance to the certificate expiring and the expiry date is not checked in our stack.
answered a year ago
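The trust model described in the answer above, as an added example (not part of the original answer and not AWS code): a certificate is checked against a single customer CA, first with the validity dates enforced and then on the signature chain alone. The CAs, file names and subjects are constructed for the demo, and using `-no_check_time` (OpenSSL 1.1.0 or later) to stand in for a client that does not check expiry is an assumption.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CAs and a "cluster" certificate in a temp dir.
# File names and subjects are hypothetical, not taken from any real cluster.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {              # $1 = name; self-signed root valid for 10 years
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_cluster_cert() {   # signed by customerCA, valid for 1 day only
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-cluster" \
    -keyout "$WORK/cluster.key" -out "$WORK/cluster.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/cluster.csr" -days 1 \
    -CA "$WORK/customerCA.crt" -CAkey "$WORK/customerCA.key" \
    -CAcreateserial -out "$WORK/cluster.crt" 2>/dev/null
}

# Default tool behaviour: chain to CA $1 AND validity dates at epoch time $2.
verify_with_dates() {
  openssl verify -CAfile "$WORK/$1.crt" -attime "$2" \
    "$WORK/cluster.crt" >/dev/null 2>&1
}

# Chain-only check: signature must lead to CA $1, dates are ignored.
verify_chain_only() {
  openssl verify -CAfile "$WORK/$1.crt" -no_check_time \
    "$WORK/cluster.crt" >/dev/null 2>&1
}

report() { if "$@"; then echo "ACCEPT: $*"; else echo "REJECT: $*"; fi; }

make_ca customerCA
make_ca otherCA
issue_cluster_cert
NOW=$(date +%s)
LATER=$((NOW + 3 * 86400))   # three days on, after the 1-day cert has expired

report verify_with_dates customerCA "$NOW"     # inside the validity window
report verify_with_dates customerCA "$LATER"   # same cert, evaluated after expiry
report verify_chain_only customerCA            # dates ignored, own CA
report verify_chain_only otherCA               # dates ignored, foreign CA
```

Ignoring the dates does not relax the identity check: the certificate is still rejected when it was signed by any CA other than the one the client trusts.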