Changes between Initial Version and Version 2 of Ticket #126


Ignore:
Timestamp:
04/02/13 08:35:39 (11 years ago)
Author:
ahelsing@bbn.com
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #126

    • Property Priority changed from minor to major
    • Property Summary changed from AM certs are all the same and all expired to AM certs should include the AM URN

  • Ticket #126 – Description

    initial v2  
    1 The SSL server certificate used for the AM API server at the ExoSM, RENCI and BBN has 2 issues:
    2  1. It is the identical certificate at all 3 servers, mis-identifying itself as geni.renci.org
    3  2. It expired in February
    4 
    5 This is not currently breaking anything. At some point it may be a problem if future AM clients are more picky. For example, Flack may care.
     1The SSL server certificate used for the AM API server must be valid, and unique per rack/site (aggregate).
    62
    73In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See http://groups.geni.net/geni/wiki/GeniApiCertificates