cisagov / ansible-role-openvpn

Ansible role to install an OpenVPN server and configure it to authenticate user certificates against FreeIPA.
Creative Commons Zero v1.0 Universal

Support older DOE PIV certificates #51

Closed dav3r closed 2 years ago

dav3r commented 2 years ago

🗣 Description

This PR adds older CA certificates that are required to verify older Department of Energy PIV certificates.

💭 Motivation and context

We are working with some users who have older (early 2019) DOE PIVs and their certificates could not be verified until we added the appropriate CA certificates to our trust store.

🧪 Testing

This change was validated in Staging by running the updated fetch_user_ca_certs.sh to pull in the new CA certificates and hash them for use for OpenVPN. Then (and this part is quite important), the VPN service was restarted so that the new CA certificates were picked up and used. After that, our intrepid DOE PIV user was able to successfully connect to our VPN.

✅ Checklist