self signed generated cert has 30d expiration instead of intended 3650

Bug #1408831 reported by JuanJo Ciarlante
This bug affects 1 person
Affects: apache2 (Juju Charms Collection)
Status: Fix Released
Importance: Undecided
Assigned to: JuanJo Ciarlante
Milestone: (none)

Bug Description

Provided openssl.cnf doesn't work as expected:

$ head -5 data/openssl.cnf
RANDFILE = /dev/urandom

[ req ]
default_days = 3650
default_bits = 1024

# replaying usage from charm when SELFSIGNED is set:
$ OPENSSL_CN=foo OPENSSL_PUBLIC=1.2.3.4 OPENSSL_PRIVATE=5.6.7.8 openssl req -new -x509 -nodes -config data/openssl.cnf -keyout foo.key -out foo.crt
Generating a 1024 bit RSA private key
...++++++
..................................................++++++
writing new private key to 'foo.key'
-----
$ openssl x509 -in foo.crt -noout -dates
notBefore=Jan 8 23:37:56 2015 GMT
notAfter=Feb 7 23:37:56 2015 GMT

FYI https://www.openssl.org/docs/apps/req.html states
"-days n : when the -x509 option is being used this specifies the number of days ..."

So, because indeed the charm needs to use -x509, it should
add "-days 3650" to the cmdline invocation, instead of
relying on the (unused) openssl.cnf default_days value.


JuanJo Ciarlante (jjo)
tags: added: canonical-is
JuanJo Ciarlante (jjo)
Changed in apache2 (Juju Charms Collection):
status: New → Fix Released
assignee: nobody → JuanJo Ciarlante (jjo)
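
The behaviour in the description, as an added example that is not part of the original report or the charm's code: it generates one certificate relying on default_days and one with an explicit -days 3650, then checks each with openssl x509 -checkend. The helper names (write_cnf, gen_cert, valid_for), the CN example.test, the 2048-bit key size and the temporary directory are assumptions made for the example.

```bash
# Added example, not the charm's code. File names, the CN and the 2048-bit key
# size are assumptions; default_days = 3650 mirrors the openssl.cnf in the report.

write_cnf() {  # write_cnf <path>: minimal req config, constructed for this demo
    cat > "$1" <<'EOF'
[ req ]
default_days = 3650
default_bits = 2048
distinguished_name = dn
prompt = no

[ dn ]
CN = example.test
EOF
}

# gen_cert <cnf> <basename> [days]: self-signed cert, same flags as the report.
# With no third argument -days is omitted, which reproduces the bug.
gen_cert() {
    local cnf="$1" base="$2" days="${3:-}"
    openssl req -new -x509 -nodes -config "$cnf" ${days:+-days "$days"} \
        -keyout "$base.key" -out "$base.crt" 2>/dev/null
}

# valid_for <crt> <days>: exit 0 if the cert is still valid <days> from now.
valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

demo() {
    local d c; d=$(mktemp -d) || return 1
    write_cnf "$d/openssl.cnf"
    gen_cert "$d/openssl.cnf" "$d/bug"          # relies on default_days
    gen_cert "$d/openssl.cnf" "$d/fixed" 3650   # explicit -days
    for c in bug fixed; do
        printf '%s: ' "$c"; openssl x509 -in "$d/$c.crt" -noout -enddate
        valid_for "$d/$c.crt" 3649 && echo "  ok: valid for at least 3649 days" \
                                   || echo "  FAIL: expires early"
    done
    rm -rf "$d"
}

demo
```

A check like valid_for can run right after certificate generation in a deployment hook, so a short-lived certificate is caught at install time rather than when it expires.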