Uploaded image for project: 'JS - JobScheduler'
  1. JS - JobScheduler
  2. JS-2116

Ignore invalid certificates from watched directories

    XMLWordPrintable

Details

    Description

      Current Situation

      • If one certificate is expired in the folder trusted-x509-keys the process of reading of certificates stops with an error message like
        • ERROR js7.base.crypt.generic.DirectoryWatchingSignatureVerifier - X509 signature keys are not readable: java.security.cert.CertificateExpiredException: NotAfter: Sun Dec 31 12:37:44 CET 2023
      • if a duplicated certificate is present the process of reading of certificates also stops with the following error message
        • ERROR js7.base.crypt.generic.DirectoryWatchingSignatureVerifier - X509 signature keys are not readable: Duplicate X.509 certificates: 2×EMAILADDRESS=admin@sos-berlin.com, CN=SOS Intermediate CA, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE

      All other certificates provided in that folder are not processed. A call of UpdateItem (deploy) always fails for all provided certificates. The error occurs on the controller and on the agent.

      Desired Behavior

      If one certificate expires or a certificate is duplicated the processing of all other certificates should not be blocked and the other certificates have to be still processed.

      As these are no errors the provided messages should be a warnings instead of an error.

      The warning message for the expired certificate should also state the DN of the certificate to be able to better determine the affected certificate.

       

      Valid for

      • X.509 and PGP certificates
      • HTTPS and item signature check

      Attachments

        Issue Links

          Activity

            People

              jz Joacim Zschimmer
              sp Santiago Aucejo Petzoldt
              Santiago Aucejo Petzoldt Santiago Aucejo Petzoldt
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: