[
https://issues.jboss.org/browse/WFCORE-4060?page=com.atlassian.jira.plugi...
]
Farah Juma updated WFCORE-4060:
-------------------------------
Description:
We need to make sure that when the {{obtain-certificate}} operation is used to obtain a
certificate from Let's Encrypt staging server and then used again to obtain a
certificate from Let's Encrypt's non-staging server that the appropriate account
URL is used (i.e., the account URL should start with the staging endpoint in the first
case and it should start with the production endpoint in the second case). For example,
the following scenario should work properly:
{code}
# Try to obtain a certificate first using the staging endpoint and then again using the
non-staging endpoint with the same certificate-authority-account
/subsystem=elytron/key-store=key-store3:add(credential-reference={clear-text=password},type=JKS,path=keystore3.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc3:add(alias=server,key-store=key-store3)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=true)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=false)
{code}
Other certificate authority management operations should also be able to handle switching
between staging and non-staging using the same {{certificate-authority-account}}.
was:
We need to make sure that when the {{obtain-certificate}} operation is used to obtain a
certificate from Let's Encrypt staging server and then used again to obtain a
certificate from Let's Encrypt's production server that the appropriate account
URL is used (i.e., the account URL should start with the staging endpoint in the first
case and it should start with the production endpoint in the second case). For example,
the following scenario should work properly:
{code}
# Try to obtain a certificate first using the staging endpoint and then again using the
non-staging endpoint with the same certificate-authority-account
/subsystem=elytron/key-store=key-store3:add(credential-reference={clear-text=password},type=JKS,path=keystore3.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc3:add(alias=server,key-store=key-store3)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=true)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=false)
{code}
Other certificate authority management operations should also be able to handle switching
between staging and non-staging using the same {{certificate-authority-account}}.
Ensure the correct account URL gets used when using the certificate
authority operations with both staging and non-staging endpoints with the same
certificate-authority-account
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: WFCORE-4060
URL:
https://issues.jboss.org/browse/WFCORE-4060
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Farah Juma
Assignee: Farah Juma
We need to make sure that when the {{obtain-certificate}} operation is used to obtain a
certificate from Let's Encrypt staging server and then used again to obtain a
certificate from Let's Encrypt's non-staging server that the appropriate account
URL is used (i.e., the account URL should start with the staging endpoint in the first
case and it should start with the production endpoint in the second case). For example,
the following scenario should work properly:
{code}
# Try to obtain a certificate first using the staging endpoint and then again using the
non-staging endpoint with the same certificate-authority-account
/subsystem=elytron/key-store=key-store3:add(credential-reference={clear-text=password},type=JKS,path=keystore3.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc3:add(alias=server,key-store=key-store3)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=true)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=false)
{code}
Other certificate authority management operations should also be able to handle switching
between staging and non-staging using the same {{certificate-authority-account}}.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)