Ticket 2389 Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA

This patch implements validity check on the notAfter value of the certInfo
and adjusts it to that of the CA's notAfter if exceeding

1 files changed, 3 insertions, 0 deletions

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 774ff94e3..495e4c0af 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -535,6 +535,9 @@ public class CertUtil {
                 CMS.debug("Creating local request exception:" + e.toString());
             }
 
+            // installAdjustValidity tells ValidityDefault to adjust the
+            // notAfter value to that of the CA's signing cert if needed
+            req.setExtData("installAdjustValidity", "true");
             processor.populate(req, info);
 
             PrivateKey caPrik = null;