View Issue Details

IDProjectCategoryView StatusLast Update
0000775Main CAcert Websitecertificate issuingpublic2019-07-26 21:07
ReporterBas van den DikkenbergAssigned ToTed 
PrioritynormalSeverityminorReproducibilityhave not tried
Status needs reviewResolutionopen 
Product Version2009 Q3 
Target Version2015 Q1Fixed in Version 
Summary0000775: A org ceritficate is only valild one year
DescriptionWhen i make an Organisational client certficate its only valid one year this must be two as far i can find in the policy. The policy doesn't specify that its not two year valid.

 
TagsNo tags attached.
Reviewed byBenBE
Test Instructions

Relationships

related to 0000897 closedUli60 Prerequisites to do code signing differ in About->Point System and CPS 

Activities

homer

2009-09-06 12:12

reporter   ~0001476

Hello Bas,

I guess you are right
http://www.cacert.org/index.php?id=19

Best regards,

Guillaume

homer

2009-09-11 20:14

reporter   ~0001477

Hello Bas,

I confirm the cert lifetime is one year what ever you choose codesigning or not (class 1 or 3 root).

Best regards,

Guillaume

homer

2009-09-11 20:15

reporter   ~0001478

confirmed Sept 11th 2009

Uli60

2011-07-05 02:17

updater   ~0002085

Last edited: 2011-07-05 11:49

View 7 revisions

added note regarding certs issued under Organisation Assurance program are valid for 12 months under
https://wiki.cacert.org/FAQ/Privileges
redirection fix is handled under
https://bugs.cacert.org/view.php?id=897

to update the text, you have to update
https://wiki.cacert.org/FAQ/Privileges

http://www.cacert.org/policy/CertificationPracticeStatement.php
lists Organisation SubRoot -> Expiry of Certificates -> 24 months
for the new root and
Assured Members -> Expiry of Certificates -> 24 months
for the "old" root

http://www.cacert.org/policy/OrganisationAssurancePolicy.php
refers to CPS about cert issuing

affected source code is starting in:
https://cacert1.it-sls.de/account.php?id=16 (client certs)
https://cacert1.it-sls.de/account.php?id=20 (server certs)

probably one of the CommModule scripts needs to be reviewed
eg client.pl (sub calculateDays($)) l.440 ff. counts days based on received assurance points. if >= 50 then 730 days otherwise 180 days.
Does receive organisation users receive assurance points over 50 ?

client.pl l.835 (sub HandleCerts($$)) displays correct calculation:
      my $days=$org?($server?(365*2):365):calculateDays($row{"memid"});
if org (is yes), if server cert then calculate #days = 2 x 365 days = 730
sub calculateDays() will not be called here

INOPIAE

2014-02-25 07:39

updater   ~0004603

I pushed a fix to https://github.com/INOPIAE/CAcert/tree/bug-775

BenBE

2015-01-21 21:51

updater   ~0005257

Patch applied to testserver.

The testserver always uses 30 days instead of 730 days.

INOPIAE

2015-01-21 22:24

updater   ~0005260

I just create a new org client cert. Duration is 2 years => ok
I just create a new org server cert. Duration is 2 years => ok
=>ok

Uli60

2015-01-21 22:30

updater   ~0005261

renewed Org.Server cert => now valid for 2 years
renewed Org.Client cert => now valid for 2 years

Ted

2019-07-17 07:42

administrator   ~0005816

There has been an explicit request on the support mailing list for longer lasting org certificates, so I'm trying to revive this case...

Ted

2019-07-21 21:15

administrator   ~0005817

The changes checked in by INOPIAE in his commit 900a6f2b9ea899bcf66cbc47848d6a8057bcaca0
 five years ago are quite minimal.

I guess the easiest way to get it compatible to the current code is to manually re-do those changes on the current release branch...

Ted

2019-07-21 21:25

administrator   ~0005818

Note that Org-server certificates already are valid for 2 years on the production system, only client certs are reduced to 1 year validity...

Ted

2019-07-21 21:57

administrator   ~0005819

Hmm, indeed rebasing the existing bug-775 worked fine, so I pushed the branch to the GitHub-repository. git.cacert.org is not (yet) updated.

Ted

2019-07-26 21:07

administrator   ~0005820

bug-775 is now merged into test-1442 and installed on the (old) testserver, so it may once more be tested...

Issue History

Date Modified Username Field Change
2009-09-05 10:25 Bas van den Dikkenberg New Issue
2009-09-06 12:12 homer Note Added: 0001476
2009-09-11 20:14 homer Note Added: 0001477
2009-09-11 20:15 homer Note Added: 0001478
2009-09-11 20:15 homer Status new => confirmed
2011-04-14 01:33 Uli60 Relationship added related to 0000897
2011-07-05 02:17 Uli60 Note Added: 0002085
2011-07-05 02:17 Uli60 Note Edited: 0002085 View Revisions
2011-07-05 02:27 Uli60 Note Edited: 0002085 View Revisions
2011-07-05 02:28 Uli60 Note Edited: 0002085 View Revisions
2011-07-05 02:31 Uli60 Note Edited: 0002085 View Revisions
2011-07-05 03:05 Uli60 Note Edited: 0002085 View Revisions
2011-07-05 11:49 Uli60 Note Edited: 0002085 View Revisions
2014-02-25 07:38 INOPIAE Assigned To => INOPIAE
2014-02-25 07:39 INOPIAE Note Added: 0004603
2014-02-25 07:39 INOPIAE Status confirmed => fix available
2015-01-21 21:51 BenBE Reviewed by => BenBE
2015-01-21 21:51 BenBE Note Added: 0005257
2015-01-21 21:51 BenBE Assigned To INOPIAE => dastrath
2015-01-21 21:51 BenBE Status fix available => needs review & testing
2015-01-21 21:51 BenBE Product Version => 2009 Q3
2015-01-21 21:51 BenBE Target Version => 2015 Q1
2015-01-21 22:24 INOPIAE Note Added: 0005260
2015-01-21 22:30 Uli60 Note Added: 0005261
2015-02-10 20:36 BenBE Assigned To dastrath => NEOatNHNG
2015-02-10 20:36 BenBE Status needs review & testing => needs review
2019-07-17 07:42 Ted Note Added: 0005816
2019-07-17 07:42 Ted Assigned To NEOatNHNG => Ted
2019-07-21 21:15 Ted Note Added: 0005817
2019-07-21 21:25 Ted Note Added: 0005818
2019-07-21 21:57 Ted Note Added: 0005819
2019-07-26 21:07 Ted Note Added: 0005820