+1 From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of Lukasz Rajewski via lists.onap.org Sent: Tuesday, June 16, 2020 1:21 PM To: onap-discuss@lists.onap.org; RICHOMME Morgan TGI/OLN <morgan.richo...@orange.com>; LEFEVRE, CATHERINE <catherine.lefe...@intl.att.com>; David McBride <dmcbr...@linuxfoundation.org>; ZWARICO, AMY <az9...@att.com>; 'Pawel Pawlak' <p.paw...@f5.com>; Krzysztof Opasiak <k.opas...@samsung.com>; p.wieczor...@samsung.com; DESBUREAUX Sylvain TGI/OLN <sylvain.desbure...@orange.com> Subject: Re: [onap-discuss] [ONAP] certificate validity tests
Hi Thanks Morgan - great job. Simple analysis of the file shows, considering 9 months period when we should "guarantee" certificates will not expire (let's say 270 days from today), that there are 4 certificates which will not last till maintenance release of Frankfurt, next 4 will expire before 270 days, and further 14 will expire before day 300. So it looks that at least 4 should be changed ASAP but in my opinion we should change further 18 not later than in the Frankfurt maintenance release... Regards, [Logo Orange] Łukasz Rajewski, R&D Expert Orange Labs Poland, Advanced Network Solutions Agency Mob.: +48 519 310 854 Orange Polska, Obrzeżna 7, 02-691 Warsaw www.orange.pl<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.orange.pl_&d=DwMFBA&c=LFYZ-o9_HUMeMTSQicvjIg&r=iNosnZ-59sZVf-C4HoxYGFr9hvLE3kqmMLcqUGjQN2k&m=C6qiaw3KbbizRVflvbJ8sSpEcB93EXCwcpQeHKueZ7Q&s=IGl-uNcef-rSp1Lpv1As7vWTUCFJZBd0rI2BMe_qOnk&e=> From: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> [mailto:onap-discuss@lists.onap.org] On Behalf Of Morgan Richomme via lists.onap.org Sent: Tuesday, June 16, 2020 6:51 PM To: LEFEVRE, CATHERINE; David McBride; ZWARICO, AMY; 'Pawel Pawlak'; Krzysztof Opasiak; p.wieczor...@samsung.com<mailto:p.wieczor...@samsung.com>; DESBUREAUX Sylvain TGI/OLN Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: [onap-discuss] [ONAP] certificate validity tests Hi as explained during the PTL meeting, I started working on a simple test to evaluate the validity of the certificates in ONAP. I initiate a basic test: https://gerrit.onap.org/r/c/integration/+/109207<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_integration_-2B_109207&d=DwMFBA&c=LFYZ-o9_HUMeMTSQicvjIg&r=iNosnZ-59sZVf-C4HoxYGFr9hvLE3kqmMLcqUGjQN2k&m=C6qiaw3KbbizRVflvbJ8sSpEcB93EXCwcpQeHKueZ7Q&s=8twxVtemPy5hGZ2F95drVZka4phnYhtD1VzCk0SZhz8&e=> it is a WIP and it is not integrated in CI yet But I gave a try on the daily master (closed to the frankfurt for the moment) I attached the result file in the mail. According to the test - that needs to be reviewed and consolidated - , I can see that - the 2 dgbuilders certificates (ports 30228 and 30203) found are expired since 290 days - refrepo (30297) expired in 3 days - so-vnfm-port (30406) in 31 days on the other side, cli certificates expires in 27 years... I could add a color code for this kind of certificates Feel free to review the test and comment. I can see that some name are set to None, I need to verify why. /Morgan _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21369): https://lists.onap.org/g/onap-discuss/message/21369 Mute This Topic: https://lists.onap.org/mt/74920346/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
