https self-signed certificate expires prior to a year from system install
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Andy |
Bug Description
Brief Description
-----------------
The https self-signed certificate comes with the installation has one year valid time, but on some systems it expired before the system is one year old.
This is because the self-signed certificate is generated at build time and embedded in the ISO.
Severity
--------
Minor
Steps to Reproduce
------------------
- Install a system (any configuration)
- Check the "Not After" Validity of the /etc/ssl/
Expected Behavior
------------------
The self signed certificate's "Not After" is at least one year from the installation time.
Actual Behavior
----------------
The self signed certificate's "Not After" is less than one year from the installation time.
Reproducibility
---------------
100%
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
stx master latest
Last Pass
---------
New test scenario.
Timestamp/Logs
--------------
controller-
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
Signature Algorithm: sha256WithRSAEn
Issuer: CN=StarlingX
Validity
Not Before: Jun 9 23:39:53 2021 GMT
Not After : Jun 9 23:39:53 2022 GMT
Subject: CN=StarlingX
Then use "rpm -qi setup" to find the installation time.
controller-
Name : setup
Version : 2.8.71
Release : 10.el7.tis.11
Architecture: noarch
Install Date: Fri 17 Sep 2021 10:39:59 PM UTC
Test Activity
-------------
Developer test
Workaround
----------
Install new ssl certificate.
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.6.0 stx.config stx.security |
Fix proposed to branch: master /review. opendev. org/c/starlingx /config/ +/810263
Review: https:/