Opened 10 years ago

Last modified 9 years ago

#126 new

AM certs should include the AM URN

Reported by: ahelsing@bbn.com Owned by: somebody
Priority: minor Milestone:
Component: AM Version: SPIRAL5
Keywords: Cc:
Dependencies:

Description (last modified by ahelsing@bbn.com)

The SSL server certificate used for the AM API server must be valid, and unique per rack/site (aggregate).

In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See http://groups.geni.net/geni/wiki/GeniApiCertificates

Change History (3)

comment:1 Changed 9 years ago by ahelsing@bbn.com

Priority: minormajor

To support Flack

  • Certs must be valid
  • Certs must include the AM URN / component_manager_id in the subjectAltName

Certs may however be self-signed.

Including an email address is optional, but nice.

comment:2 Changed 9 years ago by ahelsing@bbn.com

Description: modified (diff)
Summary: AM certs are all the same and all expiredAM certs should include the AM URN

comment:3 Changed 9 years ago by ahelsing@bbn.com

Priority: majorminor
type: taskenhancement
Note: See TracTickets for help on using tickets.