Opened 12 years ago
Last modified 11 years ago
#126 new
AM certs are all the same and all expired — at Initial Version
Reported by: | ahelsing@bbn.com | Owned by: | somebody |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | AM | Version: | SPIRAL5 |
Keywords: | Cc: | ||
Dependencies: |
Description
The SSL server certificate used for the AM API server at the ExoSM, RENCI and BBN has 2 issues:
- It is the identical certificate at all 3 servers, mis-identifying itself as geni.renci.org
- It expired in February
This is not currently breaking anything. At some point it may be a problem if future AM clients are more picky. For example, Flack may care.
In addition, it would be slightly better if the AM certificate conformed to GENI AM API standards more closely, in 2 ways: include (1) a URN in the subjectAltName (e.g. same as the URN in the component_manager_id field of your RSpecs, naming the AM) and (2) an email address in the subjectAltName (e.g. pointing to exogeni-ops). See http://groups.geni.net/geni/wiki/GeniApiCertificates