Opened 12 years ago

Last modified 11 years ago

#126 new

AM certs should include the AM URN

Reported by: Owned by: somebody
Priority: minor Milestone:
Component: AM Version: SPIRAL5
Keywords: Cc:

Description (last modified by

The SSL server certificate used for the AM API server must be valid, and unique per rack/site (aggregate).

In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See

Change History (3)

comment:1 Changed 11 years ago by

Priority: minormajor

To support Flack

  • Certs must be valid
  • Certs must include the AM URN / component_manager_id in the subjectAltName

Certs may however be self-signed.

Including an email address is optional, but nice.

comment:2 Changed 11 years ago by

Description: modified (diff)
Summary: AM certs are all the same and all expiredAM certs should include the AM URN

comment:3 Changed 11 years ago by

Priority: majorminor
type: taskenhancement
Note: See TracTickets for help on using tickets.