[
https://issues.apache.org/jira/browse/HDDS-8442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Szabolcs Gál updated HDDS-8442:
-------------------------------
Description:
Ozone admin cert list command shows inconsistent expiry times between
certificates. Root CA certs end with 23:59:59 and intermediate ca and regular
certificates expire by 00:00:00. This should be consistent for all certificates.
Here is an example log from a real cluster: (subject was removed from the
logs[root@quasar-vhjiym-1 ~]# ozone admin cert list -c100
Total 26 valid certificates:
{code:java}
SerialNumber Valid From Expiry
1 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 23:59:59 UTC 2023
6744449472298841 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
6744467653703376 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744469072819460 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744469097402246 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744469114981837 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744469129693077 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744469406807539 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744470107865534 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744470398467206 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744472619416002 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744472648403655 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
6744473212107595 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
6744473212999134 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6744473759697308 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
6877970098702136 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877970171225380 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877970199060224 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877970225934919 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877971092330460 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877972202116362 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877975185260612 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877976032273912 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877976452897781 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877976471681506 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
6877979844665353 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
{code}
> Inconsistent expiry time between root ca and all other certs
> ------------------------------------------------------------
>
> Key: HDDS-8442
> URL: https://issues.apache.org/jira/browse/HDDS-8442
> Project: Apache Ozone
> Issue Type: Bug
> Components: Security
> Reporter: Szabolcs Gál
> Assignee: Szabolcs Gál
> Priority: Major
> Labels: pki
>
> Ozone admin cert list command shows inconsistent expiry times between
> certificates. Root CA certs end with 23:59:59 and intermediate ca and regular
> certificates expire by 00:00:00. This should be consistent for all
> certificates.
> Here is an example log from a real cluster: (subject was removed from the
> logs[root@quasar-vhjiym-1 ~]# ozone admin cert list -c100
> Total 26 valid certificates:
> {code:java}
> SerialNumber Valid From Expiry
>
>
> 1 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 23:59:59 UTC 2023
>
> 6744449472298841 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
>
> 6744467653703376 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744469072819460 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744469097402246 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744469114981837 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744469129693077 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744469406807539 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744470107865534 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744470398467206 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744472619416002 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744472648403655 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
>
> 6744473212107595 Wed Apr 05 00:00:00 UTC 2023 Sat Apr 08 00:00:00 UTC 2023
>
> 6744473212999134 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6744473759697308 Wed Apr 05 00:00:00 UTC 2023 Fri Apr 07 00:00:00 UTC 2023
>
> 6877970098702136 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877970171225380 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877970199060224 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877970225934919 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877971092330460 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877972202116362 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877975185260612 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877976032273912 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877976452897781 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877976471681506 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
>
> 6877979844665353 Fri Apr 07 00:00:00 UTC 2023 Sun Apr 09 00:00:00 UTC 2023
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
