Bug 651867 - Admin certificates expiration date is way too long
Summary: Admin certificates expiration date is way too long
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: unspecified
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: ---
Assignee: Jay Dobies
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks: verified-to-close
TreeView+ depends on / blocked
 
Reported: 2010-11-10 14:19 UTC by Jay Dobies
Modified: 2011-08-16 14:02 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-08-16 14:02:50 UTC
Embargoed:

Attachments (Terms of Use)

Description Jay Dobies 2010-11-10 14:19:29 UTC 
I'm guessing this is more temporary code that was left in the initial implementation of the admin certificates. The expiration time of the certs is 3650 days.

In cert_generator.py:
cmd = 'openssl x509 -req -sha1 -CA %s -CAkey %s -set_serial %s -days 3650'


<jortel> I'd vote for say .. 7 days.  it's not meant to be a perm login, right?
<jortel> more like a session?
<jdob> exactly
Comment 1 Sayli Karmarkar 2011-07-15 06:15:16 UTC 
Fixed in CR 14
Comment 2 Sachin Ghai 2011-07-19 10:11:57 UTC 
Verified with pulp build 0.208. The expiration time of certs is 7 days now.

pulp-admin -u admin -p admin auth login --username admin --password admin
User credentials successfully stored at [/root/.pulp/user-cert.pem]

[root@dhcp201-175 .pulp]# openssl x509 -in user-cert.pem -noout -text

 <snippet>
    Data:
        Version: 1 (0x0)
        Serial Number: 9 (0x9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=RHUI User PKI
        Validity
            Not Before: Jul 19 09:38:22 2011 GMT
            Not After : Jul 26 09:38:22 2011 GMT
        Subject: CN=admin:admin:b244007c-1a1d-46ac-956b-6a6cfcb2dd52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
 </snippet>
Comment 3 Sachin Ghai 2011-07-20 10:07:37 UTC 
As per the comment 2, the expiration time of certs is 7 days now. And even after expiartion of these certs, pulp-admin is rejecting them.

[root@dhcp201-175 .pulp]# pulp-admin cds list
error: operation failed: sslv3 alert certificate expired


So moving this to verified.
Comment 4 Preethi Thomas 2011-08-16 14:02:50 UTC 
Closing with Community Release 15

pulp-0.0.223-4.
Note You need to log in before you can comment on or make changes to this bug.