Context Navigation

← Previous Ticket
Next Ticket →

#126 new

AM certs should include the AM URN

Reported by:	ahelsing@bbn.com	Owned by:	somebody
Priority:	minor	Milestone:
Component:	AM	Version:	SPIRAL5
Keywords:		Cc:
Dependencies:

Description (last modified by ahelsing@bbn.com)

The SSL server certificate used for the AM API server must be valid, and unique per rack/site (aggregate).

In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See http://groups.geni.net/geni/wiki/GeniApiCertificates

Change History (3)

comment:1 Changed 11 years ago by ahelsing@bbn.com

Priority:	minor → major

To support Flack

Certs must be valid
Certs must include the AM URN / component_manager_id in the subjectAltName

Certs may however be self-signed.

Including an email address is optional, but nice.

comment:2 Changed 11 years ago by ahelsing@bbn.com

Description:	modified (diff)
Summary:	AM certs are all the same and all expired → AM certs should include the AM URN

comment:3 Changed 11 years ago by ahelsing@bbn.com

Priority:	major → minor
type:	task → enhancement

Note: See TracTickets for help on using tickets.

Download in other formats: