StarlingX

Weird error message installing a not yet valid certificate

Bug #1988084 reported by Thiago Paiva Brito
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
New
Low
Unassigned

Bug Description

Brief Description
-----------------
Running a restore on a VM, the playbook failed with a cryptic error message trying to reinstall the certificates from the backup. Retrying to install the certificates directly on the CLI rendered the same error message:

[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-install -m ssl_ca /tmp/ca-cert.pem
Certificate /tmp/ca-cert.pem not installed: Expecting value: line 1 column 1 (char 0)

After I perceived that the VM date was behind the certificate start_date, but the error message needs improvement.

Severity
--------
Minor: System/Feature is usable with minor issue

Steps to Reproduce
------------------
-Create a certificate
-Take a backup
-Revert VM
-Restore backup

Alternatively, just generate the certificate and set the system date to something before the start_date before issuing certificate-install

Expected Behavior
------------------
certificate-install fails with a meaningful message

Actual Behavior
----------------
Message is just "Certificate /tmp/ca-cert.pem not installed: Expecting value: line 1 column 1 (char 0)"

Reproducibility
---------------
4/4

System Configuration
--------------------
AIO-SX

Branch/Pull Time/Commit
-----------------------
2022-08-25

Last Pass
---------
N/A

Timestamp/Logs
--------------
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-install -m ssl_ca /tmp/ca-cert.pem
Certificate /tmp/ca-cert.pem not installed: Expecting value: line 1 column 1 (char 0)
[sysadmin@controller-0 ~(keystone_admin)]$ date
ter 16 ago 2022 18:42:17 UTC
[sysadmin@controller-0 ~(keystone_admin)]$ sudo date -s "2022-08-29 15:53:32"
Password:
seg 29 ago 2022 15:53:32 UTC
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-install -m ssl_ca /tmp/ca-cert.pem
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 59c7eb3c-b3d3-42e1-bd7d-30e73f1b6aab |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21 17:46:14+00:00 |
| expiry_date | 2032-09-07 17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
+-------------+-------------------------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------------------------+
| uuid | e0feaa68-9a14-42b5-a649-a328ae2d6b7f |
| certtype | ssl_ca |
| signature | ssl_ca_568741737948341670890383595968438938602889739820 |
| start_date | 2022-08-25 17:09:48+00:00 |
| expiry_date | 2022-11-12 17:09:48+00:00 |
| subject | CN=tbrito.com,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-------------------------------------------------------------+
+-------------+--------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------+
| uuid | 238fcad9-c346-44db-8d3a-7831eaadcf36 |
| certtype | ssl_ca |
| signature | ssl_ca_19504410177737067966767112210409256169930823998 |
| start_date | 2022-08-16 17:25:13+00:00 |
| expiry_date | 2032-08-13 17:25:13+00:00 |
| subject | CN=starlingx |
+-------------+--------------------------------------------------------+

Test Activity
-------------
Developer Testing

Workaround
----------
None

Tags: stx.update
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.update
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.