[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Requirements for Router Re-encrypt destination certificates?



turns out if you don't give the router a new destination ca cert when you generate one it doesn't work.  Changing the extensions did the trick.

Thanks Jordan

On Mon, Jun 4, 2018 at 11:16 AM Marc Boorshtein <mboorshtein gmail com> wrote:
On Sat, Jun 2, 2018 at 3:25 PM Jordan Liggitt <jliggitt redhat com> wrote:
The only differences I see are in key usage restrictions


same issue:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1528124732081 (0x163cb54f2b1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = dev, ST = dev, L = dev, O = dev, OU = dev, CN = unison-scalejs-rh.tremolo.io
        Validity
            Not Before: Jun  4 00:00:00 2018 GMT
            Not After : Jun  1 00:00:00 2028 GMT
        Subject: C = dev, ST = dev, L = dev, O = dev, OU = dev, CN = unison-scalejs-rh.tremolo.io
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a1:e3:8e:4f:b1:f1:3a:15:4a:bc:e2:ef:0c:01:
                    1a:98:16:d1:f2:08:96:25:eb:e8:f6:d0:b9:26:01:
                    ed:38:9c:d4:57:58:b8:0e:41:53:5b:71:50:28:27:
                    ee:45:17:9e:2c:33:9f:2c:40:44:6b:da:04:f4:a8:
                    56:0d:6a:5b:bd:e2:76:e2:e2:91:cf:88:59:c6:31:
                    7d:24:53:1e:42:b4:ac:83:26:b5:33:1a:d0:03:73:
                    62:25:48:5f:f9:6e:74:6b:c7:f7:84:1a:78:db:f5:
                    30:92:97:d5:28:48:bb:ca:28:38:c8:fa:fe:11:54:
                    03:5f:51:82:5d:f0:c4:f6:46:5b:dd:5b:ee:0a:99:
                    f1:91:2d:c9:c0:d2:f7:e1:4a:5b:ad:9e:dd:19:f0:
                    1b:08:be:a0:98:23:38:32:40:64:1f:e4:9f:10:43:
                    f7:1b:fa:88:55:54:46:46:fc:88:b3:e9:f2:41:7e:
                    6c:93:f2:34:7a:c0:5a:aa:18:35:3e:35:e6:7b:bb:
                    e3:77:36:ab:fd:9f:2f:62:f6:33:d5:7a:61:e9:9f:
                    71:42:fa:0a:3f:9c:87:50:87:59:ea:ce:13:23:70:
                    4d:71:11:0b:0d:24:77:c1:9b:c5:38:00:c9:e0:5c:
                    a5:29:61:5d:33:f1:53:0a:57:72:e2:69:fa:54:0a:
                    5a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Extended Key Usage: critical
                Any Extended Key Usage
    Signature Algorithm: sha256WithRSAEncryption
         91:66:93:bc:27:1c:43:48:90:5a:dd:46:8b:d0:43:90:68:71:
         74:64:47:95:fe:c6:a8:f2:62:40:0e:31:aa:0e:4a:fa:92:b4:
         ec:d4:b9:78:85:76:ab:ed:2a:5e:7d:07:c3:ed:8b:10:6b:f0:
         6f:5a:c0:5d:f2:8c:d0:99:2b:12:0c:cc:a3:ae:a6:e3:a8:68:
         05:62:7c:d3:82:ad:9a:4c:25:d9:a1:23:ca:a0:b1:71:17:e2:
         37:c9:6f:f2:13:b6:71:ac:61:39:fd:c8:aa:32:cc:b9:fb:81:
         c6:9b:36:18:95:16:82:a6:76:81:c2:24:03:c7:40:05:a4:f8:
         ef:4d:15:af:a2:5e:0a:0f:41:20:8d:7f:80:e0:29:b2:90:46:
         a2:e3:7a:20:a8:db:be:5f:19:31:66:4d:fd:e9:17:b1:84:c9:
         03:0b:29:70:72:24:30:4e:2d:26:7f:ea:ef:45:d8:64:03:9d:
         1e:43:51:01:db:f9:44:a7:d8:46:b8:93:d0:49:65:78:3b:5c:
         78:f5:b5:ca:c0:eb:fa:17:68:0d:87:5d:2f:3e:4b:fc:b8:4b:
         97:d3:9a:3d:74:ec:6d:39:6a:7c:ab:61:df:b4:bd:e0:f6:1e:
         60:bc:50:7b:0c:83:ec:12:d6:93:4d:f5:70:4e:36:53:7c:44:
         1c:fa:f7:db
-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIGAWPLVPKxMA0GCSqGSIb3DQEBCwUAMG0xDDAKBgNVBAYT
A2RldjEMMAoGA1UECBMDZGV2MQwwCgYDVQQHEwNkZXYxDDAKBgNVBAoTA2RldjEM
MAoGA1UECxMDZGV2MSUwIwYDVQQDExx1bmlzb24tc2NhbGVqcy1yaC50cmVtb2xv
LmlvMB4XDTE4MDYwNDAwMDAwMFoXDTI4MDYwMTAwMDAwMFowbTEMMAoGA1UEBhMD
ZGV2MQwwCgYDVQQIEwNkZXYxDDAKBgNVBAcTA2RldjEMMAoGA1UEChMDZGV2MQww
CgYDVQQLEwNkZXYxJTAjBgNVBAMTHHVuaXNvbi1zY2FsZWpzLXJoLnRyZW1vbG8u
aW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh445PsfE6FUq84u8M
ARqYFtHyCJYl6+j20LkmAe04nNRXWLgOQVNbcVAoJ+5FF54sM58sQERr2gT0qFYN
alu94nbi4pHPiFnGMX0kUx5CtKyDJrUzGtADc2IlSF/5bnRrx/eEGnjb9TCSl9Uo
SLvKKDjI+v4RVANfUYJd8MT2RlvdW+4KmfGRLcnA0vfhSlutnt0Z8BsIvqCYIzgy
QGQf5J8QQ/cb+ohVVEZG/Iiz6fJBfmyT8jR6wFqqGDU+NeZ7u+N3Nqv9ny9i9jPV
emHpn3FC+go/nIdQh1nqzhMjcE1xEQsNJHfBm8U4AMngXKUpYV0z8VMKV3LiafpU
ClrHAgMBAAGjNzA1MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMBIG
A1UdJQEB/wQIMAYGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAJFmk7wnHENIkFrd
RovQQ5BocXRkR5X+xqjyYkAOMaoOSvqStOzUuXiFdqvtKl59B8PtixBr8G9awF3y
jNCZKxIMzKOupuOoaAVifNOCrZpMJdmhI8qgsXEX4jfJb/ITtnGsYTn9yKoyzLn7
gcabNhiVFoKmdoHCJAPHQAWk+O9NFa+iXgoPQSCNf4DgKbKQRqLjeiCo275fGTFm
Tf3pF7GEyQMLKXByJDBOLSZ/6u9F2GQDnR5DUQHb+USn2Ea4k9BJZXg7XHj1tcrA
6/oXaA2HXS8+S/y4S5fTmj107G05anyrYd+0veD2HmC8UHsMg+wS1pNN9XBONlN8
RBz699s=
-----END CERTIFICATE-----





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]