Slice certificates are being issued with a 10 year lifetime #605
Comments
|
An additional issue i found when trying to fix using my previously mentioned idea is that that slice certificates could still go beyond the SA Certificate expiry time if (Slice_expiry + renewal_days) > SA Cert expiry time This particular problem will only occur start from 185 days before SA Cert expiry because 185 days is set as a constant in the source code for max allowable renew time. To avoid running into this issue, whoever the admins may be at that time has to renew the CA , SA and other relevant Authority certs atleast 185 days before the actual expiry. This will make sure all existing SA certs issued by the old SA/CA are still valid while all new certs are signed by the renewed CA/SA |
This needs to be fixed since it breaks slice credentials generated with slice certificates that expire beyond the GENI CA expiry. The right way should be to use the slice expiry time as the slice certificate expiry time. Each time a slice is renewed, the slice certificate is also renewed automatically by the current source code.
The text was updated successfully, but these errors were encountered: