Anywhere on the CA websites where it shows the certificate issuance date it shows the CA signing certificate as being issued on the day the CA migration took place, not on the original issuance date.
+1 on proposed priority/milestone
Following up on this - I think this is definitely an artifact of the migration procedure.
I see places in code where the create date for the cert (or key) record is what is being populated into the UI output. Specifically,
base/server/cms/src/com/netscape/cms/servlet/cert/ListCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
base/server/cms/src/com/netscape/cms/servlet/cert/SrchCerts.java: rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
This is retrieved from the field dateOfCreate (which is populated when the record is created).
If we fixed the ticket to not generate a cert record for migration (or to remove it at the end of the install), then this field will be populated by the data that is migrated in, and this problem would be solved.
Note that this really is not that big an issue, because it's the issuance date and not the validity date (NotBefore).
Checked into master:
049a4e3e09328bfcdff62dc189ad95917647fb22
New parameters to pkispawn are:
pki_ca_signing_record_create=True
pki_ca_signing_serial_number=1
In the migration case, these must be set to:
pki_ca_signing_record_create=False
pki_ca_signing_serial_number=X
where X is the serial number of the signing cert being imported (in decimal)
The signing cert record will be deleted at the end of the install, so that it can be imported from the old migration data. All fields in the old migration data will then be correct.
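Added example, not part of the original ticket or the Dogtag code base: a Python helper that converts the hexadecimal serial printed by `openssl x509 -noout -serial` into the decimal value required above and emits the two migration overrides. The `[CA]` section header and the function names are assumptions, and the sample serials in the comments are constructed.

```python
import re

# RFC 5280 section 4.1.2.2: serialNumber must fit in 20 octets.
MAX_SERIAL_OCTETS = 20


def serial_to_decimal(text):
    """Convert an openssl-style hex serial to a decimal string.

    Accepts 'serial=0FFF0001', '0f:a3' and '0x0FA3'. A hex serial such as
    '10' pasted unchanged would be read as decimal 10 instead of 16, so the
    conversion is always done explicitly here.
    """
    value = text.strip()
    if value.lower().startswith("serial="):
        value = value[len("serial="):]
    value = value.replace(":", "").strip()
    if value.lower().startswith("0x"):
        value = value[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", value):
        raise ValueError(f"not a hexadecimal serial: {text!r}")
    number = int(value, 16)
    if number.bit_length() > MAX_SERIAL_OCTETS * 8:
        raise ValueError("serial is longer than 20 octets")
    return str(number)


def migration_overrides(openssl_serial):
    """Build the override fragment for the migration case.

    Assumption: the parameters live in the [CA] section of the
    pkispawn deployment configuration file.
    """
    return (
        "[CA]\n"
        "pki_ca_signing_record_create=False\n"
        f"pki_ca_signing_serial_number={serial_to_decimal(openssl_serial)}\n"
    )


if __name__ == "__main__":
    # Constructed sample input in the form openssl prints it.
    print(migration_overrides("serial=0FFF0001"), end="")
```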
Replying to [comment:5 vakwetu]:
Checked into master: 049a4e3e09328bfcdff62dc189ad95917647fb22 Cherry-picked to DOGTAG_10_3_BRANCH:
Metadata Update from @dsirrine: - Issue set to the milestone: 10.3.10
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2693
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.