I am curious as to how the service certificates are being updated? I need to make sure we don't have any cert that are in danger of expiring. Do they automatically update from the SA Head and pushed down to the downstream host via chef? If a service cert expires what is the threat? Do we lose service? I was given the below command script to run on downstream hosts to validate the service certs:
for i in /etc/pki/nw/node/*.pem;do echo "$i";openssl x509 -enddate -noout -in "$i";done
However, I do not know how these certs are updated, when they are updated, and what happens if they do not update. Please advise. Thanks.