Task #5793: IARC: Verify successful installation of server side certificate - Member Nodes - DataONE Tasks

Task #5793

MNDeployment #4700: IARC (International Arctic Research Center) Data Archive

Task #5759: IARC: Testing

Task #5788: IARC: Registration in environment (production)

Task #5790: IARC: SSL Certificates

IARC: Verify successful installation of server side certificate

Added by Roger Dahl almost 10 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Mark Servilla

Target version:

Operational

Start date:

2014-07-17

Due date:

% Done:

100%

Story Points:

Sprint:

Description

After notification from the MN that the server side certificate has been installed, verify that it is working correctly.

History

#1 Updated by Laura Moyers over 9 years ago

Target version changed from Deploy by end of Y5Q4 to Deploy by end of Y1Q1

#2 Updated by Laura Moyers over 9 years ago

Target version changed from Deploy by end of Y1Q1 to Deploy by end of NCTE

#3 Updated by Laura Moyers about 9 years ago

Assignee set to Mark Servilla
Status changed from New to In Progress
% Done changed from 0 to 30

#4 Updated by Mark Servilla almost 9 years ago

% Done changed from 30 to 100
translation missing: en.field_remaining_hours set to 0.0
Status changed from In Progress to Closed

Server side certificate for https://trusty.iarc.uaf.edu is in place and working correctly:

openssl s_client -connect trusty.iarc.uaf.edu:443
CONNECTED(00000003)
depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain

verify return:0¶

Certificate chain
0 s:/C=US/postalCode=99775-7340/ST=Alaska/L=Fairbanks/street=930 Koyukuk Drive/O=University of Alaska Statewide System/OU=IARC/CN=trusty.iarc.uaf.edu
i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA

i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root¶

Server certificate
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgIRAPUVmcrthm5rU3eyJmBPJi4wDQYJKoZIhvcNAQEFBQAw
UTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5D
b21tb24xGzAZBgNVBAMTEkluQ29tbW9uIFNlcnZlciBDQTAeFw0xNDExMDQwMDAw
MDBaFw0xNTExMDQyMzU5NTlaMIHAMQswCQYDVQQGEwJVUzETMBEGA1UEERMKOTk3
NzUtNzM0MDEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlGYWlyYmFua3MxGjAY
BgNVBAkTETkzMCBLb3l1a3VrIERyaXZlMS4wLAYDVQQKEyVVbml2ZXJzaXR5IG9m
IEFsYXNrYSBTdGF0ZXdpZGUgU3lzdGVtMQ0wCwYDVQQLEwRJQVJDMRwwGgYDVQQD
ExN0cnVzdHkuaWFyYy51YWYuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxsKE2av4rE2tsLw4CMP3sM3+nwSSSD4/occCm7AQvRc6JQ6a9GY8cNes
qu2LnZAnw/RHoZYyiAS9OeAah2hp/roCT6CohlAhP1j/hwVNyEB2Nk+IvQ57715H
d1p/prLVZV+Pdml7DzSmV4w/DM3ESncjiyFV9bBsIetHTTtUpHw0+4sWZeuEUwJ4
aG1zsmnXGTptiPVb5rjIbSLsmae1m6yVJySvtRa6Kg/kaA0A4fr+Y+xGcLlqRXRa
8ddvlqRV+dDU2F8OIc8/V6zEHRcLpSJY0g8lJ4sWr93oCM4/rcqP38ijTZmVgt3w
f3cCvwxfbf1s8HmLa+ZGPSuqC53g8QIDAQABo4IBujCCAbYwHwYDVR0jBBgwFoAU
SE9a+i9Kml7gUPNre1Wl3vW+NF0wHQYDVR0OBBYEFG7tAa9q3P2G4ROgN/is2mv1
bVoTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBnBgNVHSAEYDBeMFIGDCsGAQQBriMBBAMBATBCMEAG
CCsGAQUFBwIBFjRodHRwczovL3d3dy5pbmNvbW1vbi5vcmcvY2VydC9yZXBvc2l0
b3J5L2Nwc19zc2wucGRmMAgGBmeBDAECAjA9BgNVHR8ENjA0MDKgMKAuhixodHRw
Oi8vY3JsLmluY29tbW9uLm9yZy9JbkNvbW1vblNlcnZlckNBLmNybDBvBggrBgEF
BQcBAQRjMGEwOQYIKwYBBQUHMAKGLWh0dHA6Ly9jZXJ0LmluY29tbW9uLm9yZy9J
bkNvbW1vblNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuaW5j
b21tb24ub3JnMB4GA1UdEQQXMBWCE3RydXN0eS5pYXJjLnVhZi5lZHUwDQYJKoZI
hvcNAQEFBQADggEBAEAA6+Zy5uMIgYdsj+GUqfAWA5e0jwbJWcD1fhWugWfwwjNa
4Lk4j0CE+7CspIoNRIDFtuy0bqrSebZuT24uVordEqW2H719apJwBdU77L1ZOcXe
m8u9NzXK7YDIepLXmF6xY6USZXwAkfr9RL1OurUCJow47Y5NTbtYvx9VqZMRBcwS
4aBOSKEpsk8/CqOgEVx89UxhbyEY7FzSP9p6K/9ClrvybiYWxwriK9tC1uSsYGUU
ZE7QS7VlXCBR8ZAsvNB86f9/9aVhetKrV5Hk085pRGNJ8Ei0qhzy2RMsZ92ukx4S
4TKhn39/bjbwNE1f2Cqxm+ONz8F2b5dQLvuGfhI=
-----END CERTIFICATE-----
subject=/C=US/postalCode=99775-7340/ST=Alaska/L=Fairbanks/street=930 Koyukuk Drive/O=University of Alaska Statewide System/OU=IARC/CN=trusty.iarc.uaf.edu

issuer=/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA¶

Acceptable client certificate CA names
/DC=org/DC=dataone/CN=DataONE Root CA
/DC=org/DC=dataone/CN=DataONE Test CA
/DC=org/DC=dataone/CN=DataONE Production CA
/DC=org/DC=dataone/CN=DataONE Test Intermediate CA
/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OpenID CA 1
/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
/C=US/ST=AK/O=University of Alaska Fairbanks/CN=CA for GMN Client Side Certificates/emailAddress=archive@iarc.uaf.edu

/C=US/ST=Alaska/L=Fairbanks/O=University of Alaska Fairbanks/OU=International Arctic Research Center/CN=jl.iarc.uaf.edu¶

SSL handshake has read 5630 bytes and written 468 bytes¶

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 78AD553AF10B3E56C99B0F2CAE08D9BF17F9800EC378AC08FCE629BEB4957C39
Session-ID-ctx:
Master-Key: 3575121D3E0563A314CA1C2D2308D460B546B04FDE0701FC7EB67890BAD537FCFBCCC55E21A7CA72BA8E86AC9B83D9F0
Key-Arg : None
Start Time: 1431364683
Timeout : 300 (sec)

Verify return code: 0 (ok)¶

Also available in: Atom PDF

Project

General

Profile

Member Nodes

Issues

Custom queries