Task #3515

closed

Request all expired node and user certificates be manually updated

Added by Jeff Burke over 8 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 03/05/2016
Due date:
% Done: 0%
Estimated time:

Description

Cert mechanism on testbed is apparently still broken? (See messages to operators list in Jan '16.) Please fix or indicate plan for resolution.


Related issues 1 (0 open, 1 closed)

Blocks ndnrtc - Task #3513: [NdnCon] Change user prefix to be compatible with auto prefix propagation | Closed | Peter Gusev | 03/16/2016

Actions #1

Updated by Jeff Burke over 8 years ago

  • Blocks Task #3513: [NdnCon] Change user prefix to be compatible with auto prefix propagation added
Actions #2

Updated by Jeff Burke over 8 years ago

  • Subject changed from Fix testbed cert issuing mechanism to Request all expired node and user certificates be manually updated
  • Assignee changed from Yingdi Yu to Jeff Burke

Per AlexA, things are operating correctly now, but expired certs for nodes and users need to be manually re-requested as there is no roll-over mechanism yet.

If this is correct, I'll work with John DeHart to request everyone update their certs, and we can work on transitioning the namespace for NDN-RTC as a breaking change in the next version.

Please confirm.

Actions #3

Updated by Jeff Burke over 8 years ago

Site certs to be updated by John DeHart. Peter, can you incorporate updating user certs into current ndncon test instructions?

Actions #4

Updated by Junxiao Shi over 8 years ago

> incorporate updating user certs into ndncon test instructions

Requesting user certificate right before NdnCon conference would be too late.

ndncert requires operator approval, which is not instantaneous.
Per testbed policy, operator has up to 24 hours to respond.

Instead, ndncert should automatically notify the user when his/her certificate is less than 18 days before expiration, similar to what Let's Encrypt does.

Before an automated notification system is in place, I suggest sending bulk emails to every user who has an expired certificate, after site certificates are up to date.

You may use this script to find all expired certificates (pipe its output to | column -t for a nicer view):

Actions #5

Updated by Jeff Burke over 8 years ago

  • Status changed from New to Closed

Per John DeHart's email to the operators list, http://lists.named-data.net/mailman/private/operators/2016-March/001011.html, the site certs are updated and user certs can be reissued.
