Task #3515
closed
Request all expired node and user certificates be manually updated
0%
Description
Cert mechanism on testbed is apparently still broken? (See messages to operators list in Jan '16.) Please fix or indicate plan for resolution.
Updated by Jeff Burke over 8 years ago
- Blocks Task #3513: [NdnCon] Change user prefix to be compatible with auto prefix propagation added
Updated by Jeff Burke over 8 years ago
- Subject changed from Fix testbed cert issuing mechanism to Request all expired node and user certificates be manually updated
- Assignee changed from Yingdi Yu to Jeff Burke
Per AlexA, things are operating correctly now, but expired certs for nodes and users need to be manually re-requested as there is no roll-over mechanism yet.
If this is correct, I'll work with John DeHart to request everyone update their certs, and we can work on transitioning the namespace for NDN-RTC as a breaking change in the next version.
Please confirm.
Updated by Jeff Burke over 8 years ago
Site certs to be updated by John Dehart. Peter, can you incorporate updating user certs into current ndncon test instructions?
Updated by Junxiao Shi over 8 years ago
incorporate updating user certs into ndncon test instructions
Requesting user certificate right before NdnCon conference would be too late.
ndncert requires operator approval, which is not instantaneous.
Per testbed policy, operator has up to 24 hours to respond.
Instead, ndncert should automatically notify the user when his/her certificate is less than 18 days before expiration, similar to what Let's Encrypt does.
Before an automated notification system is in place, I suggest sending bulk emails to every user who has an expired certificate, after site certificates are up to date.
You may use this script to find all expired certificates (pipe its output to | column -t for a nicer view):
Updated by Jeff Burke over 8 years ago
- Status changed from New to Closed
Per John DeHart's email to the operators list, http://lists.named-data.net/mailman/private/operators/2016-March/001011.html the site certs are updated and user certs can be reissued.