diff options
author | Christina Fu <cfu@redhat.com> | 2016-06-28 18:00:03 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2016-06-29 09:13:42 -0700 |
commit | 659c90869a27871eda27fd730d00b0499873dae2 (patch) | |
tree | 7539d09a771fd8eac5f9b0cbcc071a92367200c2 /base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | |
parent | dabe965786bbb367ea04f131d8f4ad2167b3f1cd (diff) | |
download | pki-659c90869a27871eda27fd730d00b0499873dae2.tar.gz pki-659c90869a27871eda27fd730d00b0499873dae2.tar.xz pki-659c90869a27871eda27fd730d00b0499873dae2.zip |
Ticket 2389 Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA
This patch implements validity check on the notAfter value of the certInfo
and adjusts it to that of the CA's notAfter if exceeding
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 774ff94e3..495e4c0af 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -535,6 +535,9 @@ public class CertUtil { CMS.debug("Creating local request exception:" + e.toString()); } + // installAdjustValidity tells ValidityDefault to adjust the + // notAfter value to that of the CA's signing cert if needed + req.setExtData("installAdjustValidity", "true"); processor.populate(req, info); PrivateKey caPrik = null; |