Opened 4 years ago

Closed 4 years ago

#1469 closed (fixed)

Sign CSR for VTS at UIUC

Reported by: nick.bastin@gmail.com
Owned by: tmitchel@bbn.com
Priority: major
Milestone:
Component: GPO
Version: SPIRAL7
Keywords:
Cc: gpo-sw-dev@geni.net
Dependencies:

Description

Name: vts-uiuc
Email: nick@bssoftworks.com

Attachments (2)

tool-vts-uiuc.csr (1.1 KB) - added by nick.bastin@gmail.com 4 years ago.
vts-uiuc.pem (2.6 KB) - added by tmitchel@bbn.com 4 years ago.


Change History (9)

Changed 4 years ago by nick.bastin@gmail.com

Attachment: tool-vts-uiuc.csr added

comment:1 Changed 4 years ago by tmitchel@bbn.com

Owner: changed from somebody to tmitchel@bbn.com
Status: new → accepted

comment:2 Changed 4 years ago by tmitchel@bbn.com

Resolution: fixed
Status: accepted → closed

The certificate is attached.

URN: URI:urn:publicid:IDN+ch.geni.net+tool+vts-uiuc
Expires: May 13 11:12:18 2020 GMT

comment:3 Changed 4 years ago by nick.bastin@gmail.com

Is it possible to re-issue this without crushing the original subject? Right now there's no way for a client to validate that this certificate didn't wander off to a different host.

comment:4 Changed 4 years ago by tmitchel@bbn.com

This is intended to be a client certificate, not a server certificate. The issued certificate is for authentication of a tool within GENI, for instance for use with a speaks-for credential. If you need an SSL server certificate you'll need to use some other CA.

comment:5 Changed 4 years ago by nick.bastin@gmail.com

We have to have a GENI-signed certificate for the shared VLAN delegation code to work (otherwise we would not have gone this route). There's nothing that would particularly stop this from working with a tool certificate, which would be better than making each server a separate "user", which is the only other option.

comment:6 Changed 4 years ago by nick.bastin@gmail.com

Resolution: fixed
Status: closed → reopened

Changed 4 years ago by tmitchel@bbn.com

Attachment: vts-uiuc.pem added

comment:7 Changed 4 years ago by tmitchel@bbn.com

Resolution: fixed
Status: reopened → closed

A new certificate with the subject preserved from the CSR is attached.

$ openssl x509 -text -noout -in vts-uiuc.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11321 (0x2c39)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=ch.geni.net, OU=authority, OU=ma, CN=31c0f09f-95f7-4510-a30b-d93df2bd02c9/emailAddress=ch-admins@geni.net
        Validity
            Not Before: May 20 16:33:06 2015 GMT
            Not After : May 18 16:33:06 2020 GMT
        Subject: C=US, ST=Illinois, L=Urbana, O=Barnstormer Softworks, Ltd., OU=GENI Operations, CN=72.36.65.30/emailAddress=nick@bssoftworks.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ba:aa:7e:8d:ec:ae:94:55:a1:67:8c:eb:40:1e:
                    ba:b1:f8:39:85:9b:d3:76:70:ef:95:c9:ce:ae:d0:
                    fe:d6:13:97:2c:30:b8:c3:c1:a5:3d:bf:72:43:9f:
                    1c:e9:b8:07:47:81:7b:41:3d:89:ce:87:64:7d:a8:
                    87:bd:05:37:b8:23:7d:5c:27:23:9d:19:91:0b:e6:
                    6b:a6:a2:bf:34:09:a8:70:72:38:f5:db:da:66:58:
                    f8:aa:73:97:66:f1:7e:dd:df:a4:b7:77:e8:23:5e:
                    8a:30:e1:3a:25:bc:d1:f6:81:18:a3:ec:d5:7c:81:
                    cb:b9:cd:4d:30:86:85:7b:7a:aa:39:69:83:bb:54:
                    e2:08:8b:7b:e1:94:80:b2:1d:4f:37:6e:59:65:ae:
                    fc:71:de:54:5d:45:13:31:58:e1:dc:40:7e:7b:38:
                    5c:48:27:01:3d:ed:80:36:5e:9d:82:30:44:3c:5b:
                    9e:a7:66:79:b0:dd:40:b8:ed:9c:f3:48:78:06:1a:
                    2e:db:e7:32:a5:7f:46:6c:ee:5f:97:62:e4:0e:22:
                    aa:65:4d:79:80:8b:9c:da:1e:59:c0:6a:5b:a7:9a:
                    0e:f2:51:71:76:c4:a9:2d:bf:cc:b1:9c:35:00:b5:
                    bd:a8:98:a1:52:f6:85:6c:c2:0c:67:0d:98:47:d9:
                    72:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                91:B4:E8:6A:69:B3:1D:06:6B:2A:0E:88:AA:FE:10:CC:EC:F3:0C:93
            X509v3 Authority Key Identifier: 
                keyid:71:A5:82:E6:1E:F1:B4:D0:2B:8B:A6:85:8F:E8:1A:5D:62:7D:31:AE
                DirName:/CN=ch.geni.net
                serial:03

            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Alternative Name: 
                email:nick@bssoftworks.com, URI:urn:publicid:IDN+ch.geni.net+tool+vts-uiuc, URI:urn:uuid:67665373-0db3-428b-897a-d48b96ac7528
    Signature Algorithm: sha1WithRSAEncryption
         33:b8:97:3f:b9:81:bb:a6:13:c9:a5:10:6b:35:9d:30:b4:99:
         fe:6f:43:2b:cb:06:8e:ed:7d:16:1d:11:01:d0:a2:ec:f7:a3:
         34:99:19:99:d1:87:5b:59:14:31:6c:f3:5f:13:2b:25:f5:e7:
         b9:76:17:20:0a:18:1a:81:85:3d:40:39:88:0d:77:e9:c2:87:
         38:84:37:8f:9a:e7:37:10:ab:75:14:0e:06:08:3c:2c:c2:3d:
         a7:0f:7e:20:f1:b4:a4:a1:35:de:bf:cb:87:da:00:c3:1c:ce:
         75:4c:33:b5:81:dd:3e:d0:d1:cb:96:81:af:f7:ce:70:46:91:
         d8:9f
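
Added example, not part of the ticket and not GENI code: a small parser for the `openssl x509 -text` dump above that separates the tool identity (the GENI URN in the Subject Alternative Name) from any host identity, which is the distinction comments 3 to 5 turn on. The function names are hypothetical, and the host check assumes a verifier that matches only DNS and IP Address SAN entries, with Common Name fallback as an opt-in legacy mode.

```python
import re

# Constructed sample: signature, Subject and SAN lines copied from the dump above.
DUMP = """\
    Signature Algorithm: sha1WithRSAEncryption
        Subject: C=US, ST=Illinois, L=Urbana, O=Barnstormer Softworks, Ltd., OU=GENI Operations, CN=72.36.65.30/emailAddress=nick@bssoftworks.com
            X509v3 Subject Alternative Name: 
                email:nick@bssoftworks.com, URI:urn:publicid:IDN+ch.geni.net+tool+vts-uiuc, URI:urn:uuid:67665373-0db3-428b-897a-d48b96ac7528
"""

def signature_algorithm(text):
    """Return the first Signature Algorithm named in the dump."""
    m = re.search(r"Signature Algorithm:\s*(\S+)", text)
    return m.group(1) if m else None

def subject_cn(text):
    """Return the CN from the Subject line (not the Issuer line)."""
    m = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^/,\n]+)", text, re.M)
    return m.group(1).strip() if m else None

def san_entries(text):
    """Return [(type, value)] parsed from the line after the SAN header.
    Splits on commas, which is enough for the entry types shown here."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if "X509v3 Subject Alternative Name" in line:
            pairs = (item.strip().partition(":") for item in lines[i + 1].split(","))
            return [(kind, value) for kind, _, value in pairs]
    return []

def geni_urn(text):
    """Return (authority, type, name) from the GENI URN in the SAN, or None."""
    for kind, value in san_entries(text):
        m = re.fullmatch(r"urn:publicid:IDN\+([^+]+)\+([^+]+)\+([^+]+)", value)
        if kind == "URI" and m:
            return m.groups()
    return None

def binds_host(text, host, cn_fallback=False):
    """True if the certificate names `host` in a DNS or IP Address SAN entry,
    or in the Subject CN when the legacy fallback is explicitly enabled."""
    names = {v.lower() for k, v in san_entries(text) if k in ("DNS", "IP Address")}
    if host.lower() in names:
        return True
    return cn_fallback and subject_cn(text) == host

if __name__ == "__main__":
    print("tool identity:", geni_urn(DUMP))
    print("signature:", signature_algorithm(DUMP))
    print("SAN-only host match:", binds_host(DUMP, "72.36.65.30"))
    print("with CN fallback:", binds_host(DUMP, "72.36.65.30", cn_fallback=True))
```

On this dump the address appears only in the Subject CN, so a host check passes only with the CN fallback enabled, while the tool URN is available from the SAN either way.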