documentation: add certificates expired note

tangcong 2020-10-28 01:57:27 +08:00
parent a960d6b1c7
commit 8fd24f51c3

@ -196,6 +196,8 @@ The etcd members will form a cluster and all communication between members in th
## Example 4: Automatic self-signed transport security
**NOTE:** When you specify ClientAutoTLS and PeerAutoTLS, the validity period of the client certificate and peer certificate automatically generated by etcd is only 1 year. You can specify the --self-signed-cert-validity flag to set the validity period of the certificate in years.
For cases where communication encryption, but not authentication, is needed, etcd supports encrypting its messages with automatically generated self-signed certificates. This simplifies deployment because there is no need for managing certificates and keys outside of etcd.
Configure etcd to use self-signed certificates for client and peer connections with the flags `--auto-tls` and `--peer-auto-tls`:
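
Review bot: The added NOTE names the options as ClientAutoTLS and PeerAutoTLS, but the section it sits in documents them as the flags `--auto-tls` and `--peer-auto-tls`; use the flag names so a reader can match the note to the configuration shown, and put `--self-signed-cert-validity` in backticks like the other flags. The note is also placed directly under the "Example 4" heading, ahead of the paragraph that explains what automatic self-signed transport security is; it would read better after the sentence that introduces the two flags. Finally, the commit subject is about expired certificates, yet the note only states the 1-year validity period: consider adding a sentence on what operators should expect for client and peer connections once the generated certificate lapses and what they need to do about it.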