Issue #2573: CA Certificate Issuance Date displayed on CA website incorrect - dogtagpki

dogtagpki

#2573 CA Certificate Issuance Date displayed on CA website incorrect

Closed: Fixed None Opened 7 years ago by dsirrine.

Anywhere on the CA websites where it shows the certificate issuance date it
shows the CA signing certificate as being issued on the day the CA migration
took place, not on the original issuance date.

edewata commented 7 years ago

+1 on proposed priority/milestone

vakwetu commented 7 years ago

Following up on this - I think this is definitely an artifact of the migration procedure.

I see places in code where the create date for the cert (or key) record) is what is being populated into the UI output. Specifically,

base/server/cms/src/com/netscape/cms/servlet/cert/ListCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
base/server/cms/src/com/netscape/cms/servlet/cert/SrchCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);

This is retrieved from the field dateOfCreate (which is populated when the record is created).

If we fixed the ticket to not generate a cert record for migration (or to remove it at the end of the install), then this field will be populated by the data that is migrated in, and this problem would be solved.

Note that this really is not that big an issue, because its the issuance date and not the validity date (NotBefore).

vakwetu commented 7 years ago

Checked into master:

049a4e3e09328bfcdff62dc189ad95917647fb22

vakwetu commented 7 years ago

New parameters to pkispawn are:

pki_ca_signing_record_create=True pki_ca_signing_serial_number=1

I the migration case, these must be set to:

pki_ca_signing_record_create=False pki_ca_signing_serial_number=X

where X is the serial number of the signing cert being imported (in decimal)

The signing cert record will be delted at the end of the install, so that it can be imported from the old migration data. All fields in the old migration data will then be correct.

mharmsen commented 7 years ago

Replying to [comment:5 vakwetu]:

Checked into master:

049a4e3e09328bfcdff62dc189ad95917647fb22
Cherry-picked to DOGTAG_10_3_BRANCH:

42bc6fc8eeef3c8bea036a7fc327696983dcf17c

Metadata Update from @dsirrine:
- Issue set to the milestone: 10.3.10

7 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2693

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.3.10

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1409949

type

defect

version

None

keywords

None

estimate

None

feature

None

origin

RHCust

proposedpriority

None

fixedinversion

https://koji.fedoraproject.org/koji/buildinfo?buildID=837471

platforms

None

blockedby

None

blocking

None

reviewer

None

component

proposedmilestone

None

dogtagpki

Source Code

#2573 CA Certificate Issuance Date displayed on CA website incorrect Closed: Fixed None Opened 7 years ago by dsirrine.

Metadata

#2573 CA Certificate Issuance Date displayed on CA website incorrect

Closed: Fixed None Opened 7 years ago by dsirrine.