Opened 9 years ago
Closed 9 years ago
#1469 closed (fixed)
Sign CSR for VTS at UIUC
Reported by: | nick.bastin@gmail.com | Owned by: | tmitchel@bbn.com |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | GPO | Version: | SPIRAL7 |
Keywords: | Cc: | gpo-sw-dev@geni.net | |
Dependencies: |
Description
Name: vts-uiuc Email: nick@bssoftworks.com
Attachments (2)
Change History (9)
Changed 9 years ago by
Attachment: | tool-vts-uiuc.csr added |
---|
comment:1 Changed 9 years ago by
Owner: | changed from somebody to tmitchel@bbn.com |
---|---|
Status: | new → accepted |
comment:2 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
comment:3 Changed 9 years ago by
Is it possible to re-issue this without crushing the original subject? Right now there's no way for a client to validate that this certificate didn't wander off to a different host.
comment:4 Changed 9 years ago by
This is intended to be a client certificate, not a server certificate. The issued certificate is for authentication of a tool within GENI, for instance for use with a speaks-for credential. If you need an SSL server certificate you'll need to use some other CA.
comment:5 Changed 9 years ago by
We have to have a GENI-signed certificate for the shared VLAN delegation code to work (otherwise we would not have gone this route). There's nothing that would particularly stop this from working with a tool certificate, which would be better than making each server a separate "user", which is the only other option.
comment:6 Changed 9 years ago by
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Changed 9 years ago by
Attachment: | vts-uiuc.pem added |
---|
comment:7 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
A new certificate with the subject preserved from the CSR is attached.
$ openssl x509 -text -noout -in vts-uiuc.pem Certificate: Data: Version: 3 (0x2) Serial Number: 11321 (0x2c39) Signature Algorithm: sha1WithRSAEncryption Issuer: O=ch.geni.net, OU=authority, OU=ma, CN=31c0f09f-95f7-4510-a30b-d93df2bd02c9/emailAddress=ch-admins@geni.net Validity Not Before: May 20 16:33:06 2015 GMT Not After : May 18 16:33:06 2020 GMT Subject: C=US, ST=Illinois, L=Urbana, O=Barnstormer Softworks, Ltd., OU=GENI Operations, CN=72.36.65.30/emailAddress=nick@bssoftworks.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ba:aa:7e:8d:ec:ae:94:55:a1:67:8c:eb:40:1e: ba:b1:f8:39:85:9b:d3:76:70:ef:95:c9:ce:ae:d0: fe:d6:13:97:2c:30:b8:c3:c1:a5:3d:bf:72:43:9f: 1c:e9:b8:07:47:81:7b:41:3d:89:ce:87:64:7d:a8: 87:bd:05:37:b8:23:7d:5c:27:23:9d:19:91:0b:e6: 6b:a6:a2:bf:34:09:a8:70:72:38:f5:db:da:66:58: f8:aa:73:97:66:f1:7e:dd:df:a4:b7:77:e8:23:5e: 8a:30:e1:3a:25:bc:d1:f6:81:18:a3:ec:d5:7c:81: cb:b9:cd:4d:30:86:85:7b:7a:aa:39:69:83:bb:54: e2:08:8b:7b:e1:94:80:b2:1d:4f:37:6e:59:65:ae: fc:71:de:54:5d:45:13:31:58:e1:dc:40:7e:7b:38: 5c:48:27:01:3d:ed:80:36:5e:9d:82:30:44:3c:5b: 9e:a7:66:79:b0:dd:40:b8:ed:9c:f3:48:78:06:1a: 2e:db:e7:32:a5:7f:46:6c:ee:5f:97:62:e4:0e:22: aa:65:4d:79:80:8b:9c:da:1e:59:c0:6a:5b:a7:9a: 0e:f2:51:71:76:c4:a9:2d:bf:cc:b1:9c:35:00:b5: bd:a8:98:a1:52:f6:85:6c:c2:0c:67:0d:98:47:d9: 72:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 91:B4:E8:6A:69:B3:1D:06:6B:2A:0E:88:AA:FE:10:CC:EC:F3:0C:93 X509v3 Authority Key Identifier: keyid:71:A5:82:E6:1E:F1:B4:D0:2B:8B:A6:85:8F:E8:1A:5D:62:7D:31:AE DirName:/CN=ch.geni.net serial:03 X509v3 Basic Constraints: CA:FALSE X509v3 Subject Alternative Name: email:nick@bssoftworks.com, URI:urn:publicid:IDN+ch.geni.net+tool+vts-uiuc, URI:urn:uuid:67665373-0db3-428b-897a-d48b96ac7528 Signature Algorithm: sha1WithRSAEncryption 33:b8:97:3f:b9:81:bb:a6:13:c9:a5:10:6b:35:9d:30:b4:99: fe:6f:43:2b:cb:06:8e:ed:7d:16:1d:11:01:d0:a2:ec:f7:a3: 34:99:19:99:d1:87:5b:59:14:31:6c:f3:5f:13:2b:25:f5:e7: b9:76:17:20:0a:18:1a:81:85:3d:40:39:88:0d:77:e9:c2:87: 38:84:37:8f:9a:e7:37:10:ab:75:14:0e:06:08:3c:2c:c2:3d: a7:0f:7e:20:f1:b4:a4:a1:35:de:bf:cb:87:da:00:c3:1c:ce: 75:4c:33:b5:81:dd:3e:d0:d1:cb:96:81:af:f7:ce:70:46:91: d8:9f
The certificate is attached.
URN:
URI:urn:publicid:IDN+ch.geni.net+tool+vts-uiuc
Expires: May 13 11:12:18 2020 GMT