sfayer / cert_sorcerer
License: GNU General Public License v3.0
Hi,
A change on the CA backend means that MD5 signing of CSRs will soon no longer be supported. You should be able to change this to something like SHA256withRSA (this is what CertWizard is now using) for continued support for CSRs.
Thanks,
Will.
Line 318 in 02d41bc
The code still contains an embedded copy of the SHA1 signed CA cert which was recently revoked: This should be updated to the newer version.
Traceback (most recent call last):
  File "/usr/bin/CS.py", line 830, in <module>
    CS_UI.renew_cert(store, cn, hostcert)
  File "/usr/bin/CS.py", line 697, in renew_cert
    CS_CertTools.create_csr(store, cn, hostcert)
  File "/usr/bin/CS.py", line 289, in create_csr
    raise Exception("Certificate in wrong state to create new CSR.")
Hello,
I've recently done some development work on the CertWizard API (known to us as CA-Server) to fix a bug we've been having with getting back certificates. The original endpoint accepted a GET request to
https://cwiz-live.ca.ngs.ac.uk/resources/resource/publickey/<base64-encoded-public-key>
which then lets you get information associated with a certificate. We noticed an issue where if the base64 encoding had more than one consecutive / then things could break.
So you can instead send a POST request to https://cwiz-live.ca.ngs.ac.uk/resources/resource/publickey/pk
with the following content. The return content has not changed. The GET method also still exists for backwards compatibility, so you might not need to do anything if you haven't noticed any issues.
<PublicKey>
base64-encoded-public-key
</PublicKey>
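The slash problem and the POST form described in the post above, as an added Python example (not part of the original post or of cert_sorcerer). It assumes the breakage comes from some hop merging repeated slashes in the path; the Content-Type value and the sample key bytes are constructed for illustration.

```python
import base64
import re
import urllib.request

# Endpoint paths as given in the post above.
BASE = "https://cwiz-live.ca.ngs.ac.uk/resources/resource/publickey"

# Constructed sample bytes (not a real key), chosen so the base64 text
# contains a run of '/' characters: it encodes to "MIL///8B".
SAMPLE_KEY = bytes([0x30, 0x82, 0xFF, 0xFF, 0xFF, 0x01])


def b64_key(key: bytes) -> str:
    return base64.b64encode(key).decode("ascii")


def legacy_get_url(key: bytes) -> str:
    """Original lookup: the base64 key is the last path segment."""
    return f"{BASE}/{b64_key(key)}"


def collapse_slashes(url: str) -> str:
    """Model of a hop that merges repeated '/' in a path (assumption)."""
    scheme, rest = url.split("://", 1)
    return f"{scheme}://" + re.sub(r"/{2,}", "/", rest)


def key_survives_path(key: bytes) -> bool:
    """True if the key can still be recovered after slash merging."""
    url = collapse_slashes(legacy_get_url(key))
    return url[len(BASE) + 1:] == b64_key(key)


def build_post_lookup(key: bytes) -> urllib.request.Request:
    """New lookup: the key travels in the body, so path rules never touch it."""
    body = f"<PublicKey>\n{b64_key(key)}\n</PublicKey>\n".encode("ascii")
    return urllib.request.Request(
        f"{BASE}/pk",
        data=body,
        method="POST",
        headers={"Content-Type": "application/xml"},  # assumed, not from the post
    )


if __name__ == "__main__":
    print(legacy_get_url(SAMPLE_KEY))
    print("survives path normalisation:", key_survives_path(SAMPLE_KEY))
    req = build_post_lookup(SAMPLE_KEY)
    print(req.get_method(), req.full_url, req.data.decode("ascii"))
```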
Processing USER cert with "CN=/c=uk/o=escience/ou=imperial/l=physics/cn=daniela bauer" (OU=Imperial,L=Physics,O=eScience,C=UK).
There is no local data about this DN, request a new cert [y/N]? N
Abort ... abort... abort....
deathstar:~ :~] openssl x509 -in .globus/usercert.pem -noout -subject
subject=C = UK, O = eScience, OU = Imperial, L = Physics, CN = daniela bauer
When renewing a usercert, the user's e-mail should be included as a SAN, however currently the default e-mail is used instead. The CA used to ignore this and use the main request e-mail in the SAN anyway, but it appears the incorrect value is now honoured. This is the line that should include the e-mail:
Line 709 in e201d53