#2573 CA Certificate Issuance Date displayed on CA website incorrect
Closed: Fixed None Opened 4 years ago by dsirrine.

Anywhere on the CA websites where it shows the certificate issuance date it
shows the CA signing certificate as being issued on the day the CA migration
took place, not on the original issuance date.


+1 on proposed priority/milestone

Following up on this - I think this is definitely an artifact of the migration procedure.

I see places in code where the create date for the cert (or key) record) is what is being populated into the UI output. Specifically,

base/server/cms/src/com/netscape/cms/servlet/cert/ListCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
base/server/cms/src/com/netscape/cms/servlet/cert/SrchCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);

This is retrieved from the field dateOfCreate (which is populated when the record is created).

If we fixed the ticket to not generate a cert record for migration (or to remove it at the end of the install), then this field will be populated by the data that is migrated in, and this problem would be solved.

Note that this really is not that big an issue, because its the issuance date and not the validity date (NotBefore).

Checked into master:

049a4e3e09328bfcdff62dc189ad95917647fb22

New parameters to pkispawn are:

pki_ca_signing_record_create=True pki_ca_signing_serial_number=1

I the migration case, these must be set to:

pki_ca_signing_record_create=False pki_ca_signing_serial_number=X

where X is the serial number of the signing cert being imported (in decimal)

The signing cert record will be delted at the end of the install, so that it can be imported from the old migration data. All fields in the old migration data will then be correct.

Replying to [comment:5 vakwetu]:

Checked into master:

049a4e3e09328bfcdff62dc189ad95917647fb22
Cherry-picked to DOGTAG_10_3_BRANCH:

  • 42bc6fc8eeef3c8bea036a7fc327696983dcf17c

Metadata Update from @dsirrine:
- Issue set to the milestone: 10.3.10

4 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2693

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata