- Bug
- Resolution: Done
- High
- Frankfurt Release
For some unknown reason, the certificate between the CertService client and the CertService server was issued for just 3 months. It expired yesterday.
So either it will be regenerated with a 1-year validity or dynamic certificate generation will be introduced (a contribution already exists but requires moving to the Frankfurt OOM branch).
Without a fix, CMPv2 doesn't work.
c:\Program Files (x86)\jre1.8.0_201\jre1.8.0_201\bin>keytool -list -keystore "C:\git_checkouts\ONAP\oom\kubernetes\aaf\components\aaf-cert-service\resources\certServiceClient-keystore.jks" -v
Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: certserviceclient
Creation date: 2020-04-03
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=certServiceClient.com, OU=certServiceClient company, O=certServiceClient org, L=Wroclaw, ST=Dolny Slask, C=PL
Issuer: CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL
Serial number: 2f0c784b
Valid from: Fri Apr 03 11:16:20 CEST 2020 until: Thu Jul 02 11:16:20 CEST 2020
Certificate fingerprints:
  MD5: 0C:BE:A4:A4:E9:5C:F7:41:F1:8C:40:8E:11:6B:8B:91
  SHA1: 1A:95:20:79:7F:D8:84:D0:23:5A:F8:62:F8:8D:73:AD:BC:45:39:A2
  SHA256: 84:EA:75:FD:14:D8:84:E4:22:27:11:50:EA:5A:96:5F:E0:65:43:FE:6D:4B:D0:64:2F:78:30:58:D5:57:E2:DB
Signature algorithm name: SHA384withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 8D 94 5C 91 E7 AC E1 EB B9 A7 BD 84 E6 9A 02 50 ..\............P
0010: 57 11 09 AE W...
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:0
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F6 3B BA B8 F0 F0 F1 F7 FD DD 57 8E 33 B2 6A 6A .;........W.3.jj
0010: 93 3A 34 50 .:4P
]
]

Certificate[2]:
Owner: CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL
Issuer: CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL
Serial number: 4ec032f2
Valid from: Fri Apr 03 11:16:16 CEST 2020 until: Mon Apr 01 11:16:16 CEST 2030
Certificate fingerprints:
  MD5: 5D:92:83:D5:02:E8:FD:34:1F:8E:4E:2F:2C:B8:38:0E
  SHA1: 66:5C:37:4F:79:9A:C9:30:D7:EF:CF:22:1C:92:79:B9:79:E2:16:69
  SHA256: 59:90:05:7B:D7:03:A7:64:19:48:02:6D:2D:5E:E1:9E:0A:26:DB:17:76:0A:16:15:04:3D:FD:58:AA:93:79:21
Signature algorithm name: SHA384withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D 94 5C 91 E7 AC E1 EB B9 A7 BD 84 E6 9A 02 50 ..\............P
0010: 57 11 09 AE W...
]
]

*******************************************
*******************************************

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\git_checkouts\ONAP\oom\kubernetes\aaf\components\aaf-cert-service\resources\certServiceClient-keystore.jks -destkeystore C:\git_checkouts\ONAP\oom\kubernetes\aaf\components\aaf-cert-service\resources\certServiceClient-keystore.jks -deststoretype pkcs12".
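A check that would flag this kind of keystore before the certificate expires, added here as an example (not ONAP code): it reads the Owner and Valid from/until lines of `keytool -list -v` output and reports each certificate's lifetime and status. The function name `audit_keytool`, the thresholds and the trimmed sample are assumptions; the sample values are copied from the output above.

```python
import re
from datetime import datetime

# Constructed sample: only the lines the check needs, values from the ticket's output.
SAMPLE = """\
Certificate[1]:
Owner: CN=certServiceClient.com, OU=certServiceClient company, O=certServiceClient org, L=Wroclaw, ST=Dolny Slask, C=PL
Valid from: Fri Apr 03 11:16:20 CEST 2020 until: Thu Jul 02 11:16:20 CEST 2020
Certificate[2]:
Owner: CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL
Valid from: Fri Apr 03 11:16:16 CEST 2020 until: Mon Apr 01 11:16:16 CEST 2030
"""

VALIDITY = re.compile(
    r"Valid from: \w{3} (\w{3} \d+ [\d:]+) \w+ (\d{4}) "
    r"until: \w{3} (\w{3} \d+ [\d:]+) \w+ (\d{4})"
)

def _parse(stamp, year):
    # The zone name (e.g. CEST) is dropped because strptime's %Z does not parse
    # it portably; results can be off by an hour across a DST change.
    return datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")

def audit_keytool(output, now, min_lifetime_days=365, warn_days=30):
    """Return one finding per certificate found in `keytool -list -v` output."""
    findings, owner = [], None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Owner: "):
            owner = line[len("Owner: "):]
        m = VALIDITY.search(line)
        if not m:
            continue
        start, end = _parse(m[1], m[2]), _parse(m[3], m[4])
        lifetime = (end - start).days
        if now >= end:
            status = "EXPIRED"
        elif (end - now).days < warn_days:
            status = "EXPIRING"
        elif lifetime < min_lifetime_days:
            status = "SHORT_LIVED"   # issued for less than the expected validity
        else:
            status = "OK"
        findings.append({"owner": owner, "not_after": end,
                         "lifetime_days": lifetime, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit_keytool(SAMPLE, datetime.now()):
        print(f["status"], f["lifetime_days"], f["not_after"], f["owner"])
```

Run against the real keystore by passing the captured text of `keytool -list -v -keystore <path>` instead of `SAMPLE`.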