Changes between Initial Version and Version 2 of Ticket #126
- Timestamp:
- 04/02/13 08:35:39 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #126
-
Property
Priority
changed from
minor
tomajor
-
Property
Summary
changed from
AM certs are all the same and all expired
toAM certs should include the AM URN
-
Property
Priority
changed from
-
Ticket #126 – Description
initial v2 1 The SSL server certificate used for the AM API server at the ExoSM, RENCI and BBN has 2 issues: 2 1. It is the identical certificate at all 3 servers, mis-identifying itself as geni.renci.org 3 2. It expired in February 4 5 This is not currently breaking anything. At some point it may be a problem if future AM clients are more picky. For example, Flack may care. 1 The SSL server certificate used for the AM API server must be valid, and unique per rack/site (aggregate). 6 2 7 3 In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See http://groups.geni.net/geni/wiki/GeniApiCertificates