Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-1815

Renewed certificates seem to be missing the CA:TRUE constraint

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.7.0.GA
    • 1.4.0.GA, 1.5.0.GA
    • None
    • None

    Description

      When we generate a new certificate, we create it with X509v3 extensions and configure the CA:TRUE constraint to mark it as CA.

              X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:5F:7F:2D:FE:0F:B2:75:60:73:1F:23:5B:A2:CC:23:B6:69:31:4D
            X509v3 Authority Key Identifier:
                keyid:3D:5F:7F:2D:FE:0F:B2:75:60:73:1F:23:5B:A2:CC:23:B6:69:31:4D

            X509v3 Basic Constraints:
                CA:TRUE

      When the certificate is renewed, it seems to be completely missing the X509v3 extension. While it do not seem to cause any issues, it could be confusing and it would be better if the renewed certificate looked the same as before the renewal.

      Attachments

        Activity

          People

            Unassigned Unassigned
            scholzj JAkub Scholz
            Lukas Kral Lukas Kral
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: