Details
- Type: Feature
- Status: Released
- Priority: Major
- Resolution: Fixed
- 2.5.7, 2.6.4
Description
Current Situation
- If one certificate in the folder trusted-x509-keys is expired, reading of the certificates stops with an error message like:
  ERROR js7.base.crypt.generic.DirectoryWatchingSignatureVerifier - X509 signature keys are not readable: java.security.cert.CertificateExpiredException: NotAfter: Sun Dec 31 12:37:44 CET 2023
- If a duplicated certificate is present, reading of the certificates also stops, with the following error message:
  ERROR js7.base.crypt.generic.DirectoryWatchingSignatureVerifier - X509 signature keys are not readable: Duplicate X.509 certificates: 2×EMAILADDRESS=admin@sos-berlin.com, CN=SOS Intermediate CA, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE
None of the other certificates in that folder are processed, and a call of UpdateItem (deploy) always fails for all of them. The error occurs on the Controller and on the Agent.
Desired Behavior
If one certificate is expired or a certificate is duplicated, processing of the other certificates must not be blocked; the remaining certificates still have to be processed.
As these are not errors, the messages should be warnings instead of errors.
The warning message for the expired certificate should also state the DN of the certificate, so that the affected certificate can be identified more easily.
Valid for
- X.509 and PGP certificates
- HTTPS and item signature check
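As an added illustration of the desired behavior (example code written for this page, not JS7's own DirectoryWatchingSignatureVerifier): a loader that reads every certificate in a directory, emits a warning that names the file and the subject DN for an expired or duplicated certificate, and continues with the remaining certificates instead of aborting. It assumes Java 16 or newer, one or more PEM or DER certificates per file, and detects duplicates by the SHA-256 fingerprint of the DER encoding, so byte-identical copies are skipped while a renewed certificate that reuses the same DN is kept. The class name, the logging and the result type are hypothetical; PGP keys and the HTTPS trust store are not covered.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;

/**
 * Tolerant loader for a directory of trusted X.509 certificates (hypothetical
 * example, not JS7 code). An unreadable, expired, not-yet-valid or duplicated
 * certificate produces a warning that names the file and the subject DN, and
 * loading goes on with the other certificates instead of failing the directory.
 */
public final class TolerantX509DirectoryLoader {

    private static final Logger LOG = Logger.getLogger(TolerantX509DirectoryLoader.class.getName());

    /** Certificates that passed the checks, plus the warnings produced on the way. */
    public record Result(List<X509Certificate> accepted, List<String> warnings) {}

    private TolerantX509DirectoryLoader() {}

    public static Result load(Path directory) throws IOException, CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        // Keyed by SHA-256 of the DER encoding: byte-identical certificates in two
        // files are duplicates; a renewed certificate with the same DN is not.
        Map<String, Path> seen = new LinkedHashMap<>();
        List<X509Certificate> accepted = new ArrayList<>();
        List<String> warnings = new ArrayList<>();

        // Assumed layout: every regular file holds one or more PEM/DER certificates.
        try (DirectoryStream<Path> files = Files.newDirectoryStream(directory, Files::isRegularFile)) {
            for (Path file : files) {
                List<X509Certificate> parsed = new ArrayList<>();
                try (InputStream in = Files.newInputStream(file)) {
                    for (Certificate c : factory.generateCertificates(in)) {
                        parsed.add((X509Certificate) c);
                    }
                } catch (CertificateException e) {
                    // Unparseable file: report it, but keep processing the others.
                    warnings.add(file.getFileName() + ": not readable as X.509 (" + e.getMessage() + ")");
                    continue;
                }
                for (X509Certificate cert : parsed) {
                    String dn = cert.getSubjectX500Principal().getName();
                    try {
                        cert.checkValidity(); // throws when now is outside [NotBefore, NotAfter]
                    } catch (CertificateExpiredException e) {
                        // The JDK message already carries "NotAfter: ..."; the DN is appended.
                        warnings.add(file.getFileName() + ": expired, " + e.getMessage() + ", subject " + dn);
                        continue;
                    } catch (CertificateNotYetValidException e) {
                        warnings.add(file.getFileName() + ": not yet valid, " + e.getMessage() + ", subject " + dn);
                        continue;
                    }
                    String fingerprint = sha256Hex(cert.getEncoded());
                    Path first = seen.putIfAbsent(fingerprint, file);
                    if (first != null) {
                        warnings.add(file.getFileName() + ": duplicate of " + first.getFileName() + ", subject " + dn);
                        continue;
                    }
                    accepted.add(cert);
                }
            }
        }
        // Warnings, not errors: the directory as a whole stays usable.
        warnings.forEach(LOG::warning);
        return new Result(accepted, warnings);
    }

    private static String sha256Hex(byte[] der) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JDK", e);
        }
    }
}
```

Calling `TolerantX509DirectoryLoader.load(...)` on the directory the page calls trusted-x509-keys returns the usable certificates together with the warning lines; a caller that wants the old fail-fast behaviour for an empty result can still treat `accepted().isEmpty()` as an error, while a single expired or duplicated file no longer blocks deployment of the others.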
Issue Links
- relates to JS-1956 Read TLS keys and certificates on change of Keystore and Truststore files (Released)