[SERVER-11885] Test CA (ca.pem) is expired Created: 27/Nov/13  Updated: 11/Jul/16  Resolved: 30/Nov/13

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Eric Milkie
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-11884 ssl tests failing due to expired cert... Closed
Operating System: ALL
Participants:

 Description   

The root CA certificate used in our testing framework (unfortunately) has the following expiry date:

Not After : Nov 27 19:03:39 2013 GMT

Hence some of the tests started failing today, SERVER-11884. I added the --sslAllowInvalidCertificates flag for the mongod started by smoke.py to get the tests back in shape. However the certificate (and all of the certificates in jstests/libs issued by this CA needs to be replaced in order to properly test certificate validation).

milkie is probably the right person to triage this.



 Comments   
Comment by Githook User [ 30/Nov/13 ]

Author:

{u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}

Message: SERVER-11885 renew ca certificate
Branch: master
https://github.com/mongodb/mongo/commit/828afdcdddbb4a88d6e542f3ff971e7f15ef51f5

Comment by Andreas Nilsson [ 28/Nov/13 ]

Ran through all of the SSL tests and the following are still failing because of the expired CA cert:

jstests/ssl/ssl_cert_password.js
jstests/ssl/ssl_crl.js
jstests/ssl/x509_client.js
jstests/ssl/sharding_with_x509.js
jstests/ssl/ssl_hostname_validation.js
jstests/ssl/ssl_weak.js

sslSpecial/ssl_mixedmode.js

Generated at Thu Feb 08 03:27:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.