The ma and sa certs have a UID stored in the wrong format

GENI-NSF / geni-ch

GENI clearinghouse services

Other

3 stars 6 forks source link

The ma and sa certs have a UID stored in the wrong format #111

Open ahelsing opened 9 years ago

ahelsing commented 9 years ago

The ma and sa UIDs are in the subjectAltName under the wrong tag, as in:

            X509v3 Subject Alternative Name: 
                email:portal-sandbox-admin@gpolab.bbn.com, URI:urn:publicid:IDN+ch-ah.gpolab.bbn.com+authority+portal, URI:uuid:b2822cca-4c62-4b08-83fd-e0afaf331908

Instead of "URI:uuid" it should be "URI:urn:uuid"

Imported from trac ticket #111, created by ahelsing on 12-02-2013 at 23:18, last modified: 07-15-2014 at 13:05

tcmitchell commented 9 years ago

The root cause has been fixed. The geni-init-services script now uses the correct prefix of "URI:urn:uuid:". The certificate renewal documentation has also been updated to use the correct prefix.

The chapi code will need to be flexible and accept either "URI:uuid:" or "URI:urn:uuid:".

Trac comment by tmitchel (github user: tcmitchell) on 12-03-2013 at 10:43