Bug 651867

Summary: Admin certificates expiration date is way too long
Product: [Retired] Pulp Reporter: Jay Dobies <jason.dobies>
Component: z_otherAssignee: Jay Dobies <jason.dobies>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: sghai, skarmark
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-16 14:02:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 647488    

Description Jay Dobies 2010-11-10 14:19:29 UTC 
I'm guessing this is more temporary code that was left in the initial implementation of the admin certificates. The expiration time of the certs is 3650 days.

In cert_generator.py:
cmd = 'openssl x509 -req -sha1 -CA %s -CAkey %s -set_serial %s -days 3650'


<jortel> I'd vote for say .. 7 days.  it's not meant to be a perm login, right?
<jortel> more like a session?
<jdob> exactly
Comment 1 Sayli Karmarkar 2011-07-15 06:15:16 UTC 
Fixed in CR 14
Comment 2 Sachin Ghai 2011-07-19 10:11:57 UTC 
Verified with pulp build 0.208. The expiration time of certs is 7 days now.

pulp-admin -u admin -p admin auth login --username admin --password admin
User credentials successfully stored at [/root/.pulp/user-cert.pem]

[root@dhcp201-175 .pulp]# openssl x509 -in user-cert.pem -noout -text

 <snippet>
    Data:
        Version: 1 (0x0)
        Serial Number: 9 (0x9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=RHUI User PKI
        Validity
            Not Before: Jul 19 09:38:22 2011 GMT
            Not After : Jul 26 09:38:22 2011 GMT
        Subject: CN=admin:admin:b244007c-1a1d-46ac-956b-6a6cfcb2dd52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
 </snippet>
Comment 3 Sachin Ghai 2011-07-20 10:07:37 UTC 
As per the comment 2, the expiration time of certs is 7 days now. And even after expiartion of these certs, pulp-admin is rejecting them.

[root@dhcp201-175 .pulp]# pulp-admin cds list
error: operation failed: sslv3 alert certificate expired


So moving this to verified.
Comment 4 Preethi Thomas 2011-08-16 14:02:50 UTC 
Closing with Community Release 15

pulp-0.0.223-4.