Expired test fixture cert #6476

Closed
SgtCoDFish opened this issue Nov 14, 2023 · 2 comments · Fixed by #6477
Labels: kind/bug (Categorizes issue or PR as related to a bug.)

@SgtCoDFish
Member

Lots of our tests started failing thanks to an expired cert in a test fixture.

This was added 5 years ago and expired recently: https://github.com/cert-manager/cert-manager/blob/d2f6bbe579fd9d5f88b82f9a4bfe9241709e9eb8/test/e2e/suite/issuers/ca/fixtures.go

We'll need to re-generate the cert and backport the new cert.

/kind bug

@SgtCoDFish SgtCoDFish self-assigned this Nov 14, 2023
@jetstack-bot jetstack-bot added the kind/bug Categorizes issue or PR as related to a bug. label Nov 14, 2023
@SgtCoDFish
Member Author

For historical context, here are the three hardcoded certs:

Root

const rootCert = `-----BEGIN CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9c:d3:44:e2:27:98:39:10
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing CA
        Validity
            Not Before: Sep 10 18:33:43 2017 GMT
            Not After : Sep  8 18:33:43 2027 GMT
        Subject: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                06:DA:E3:BD:67:DB:90:B0:34:89:7E:AC:29:54:61:29:4A:3C:EB:89
            X509v3 Authority Key Identifier: 
                keyid:06:DA:E3:BD:67:DB:90:B0:34:89:7E:AC:29:54:61:29:4A:3C:EB:89
                DirName:/C=UK/ST=NA/O=cert-manager/CN=cert-manager testing CA
                serial:9C:D3:44:E2:27:98:39:10
            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption

Intermediate 1

const issuer1Cert = `-----BEGIN CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:02:66:33:8a:ea:9e:48:fa:e7:fd:2c:15:14:88:8d:73:65:98:66
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing CA
        Validity
            Not Before: Nov 15 00:04:00 2018 GMT
            Not After : Nov 14 00:04:00 2023 GMT
        Subject: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing Issuer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:3
            X509v3 Subject Key Identifier: 
                44:89:9D:31:EF:9C:99:FC:A8:83:9B:FC:90:FE:9F:0E:28:D3:2C:67
            X509v3 Authority Key Identifier: 
                06:DA:E3:BD:67:DB:90:B0:34:89:7E:AC:29:54:61:29:4A:3C:EB:89
    Signature Algorithm: sha256WithRSAEncryption

Intermediate 2

const issuer2Cert = `-----BEGIN CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a9:ba:d6:ec:98:b7:62:02:19:17:19:9c:14:a3:61:a3:e8:9e:ea
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing Issuer
        Validity
            Not Before: Nov 15 00:04:00 2018 GMT
            Not After : Nov 14 00:04:00 2023 GMT
        Subject: C = UK, ST = NA, O = cert-manager, CN = cert-manager testing Issuer Level 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:3
            X509v3 Subject Key Identifier: 
                7A:77:0B:E4:9E:D4:B6:4C:71:0D:01:D2:2C:9C:24:BB:F0:AA:8F:65
            X509v3 Authority Key Identifier: 
                44:89:9D:31:EF:9C:99:FC:A8:83:9B:FC:90:FE:9F:0E:28:D3:2C:67
    Signature Algorithm: sha256WithRSAEncryption

SgtCoDFish added a commit to SgtCoDFish/cert-manager that referenced this issue Nov 14, 2023
fixes cert-manager#6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
jetstack-bot pushed a commit to jetstack-bot/cert-manager that referenced this issue Nov 14, 2023
fixes cert-manager#6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
jetstack-bot pushed a commit to jetstack-bot/cert-manager that referenced this issue Nov 14, 2023
fixes cert-manager#6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@SgtCoDFish
Member Author

Backport PRs are #6480 and #6481
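
The failure mode in this issue, as an added example that is not part of the thread and is not cert-manager's code or its fix: a three-level CA chain generated at run time instead of hardcoded, validated at a pinned time on either side of the issuers' Not After. The helpers `buildChain` and `verifyAt` and the subject names are hypothetical, the keys are Ed25519 rather than the fixtures' RSA, and only the issuers' Not After date is taken from the dumps above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildChain issues a throwaway root -> issuer -> issuer level 2 chain (constructed stand-ins).
func buildChain(start, rootEnd, issuerEnd time.Time) ([]*x509.Certificate, error) {
	var parent *x509.Certificate
	var parentKey ed25519.PrivateKey
	var ders []byte
	for i, cn := range []string{"testing CA", "testing Issuer", "testing Issuer Level 2"} {
		pub, key, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), Subject: pkix.Name{CommonName: cn},
			NotBefore: start, NotAfter: issuerEnd, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
		if i == 0 { // the root is self-signed and outlives its issuers, as in the dumps
			tmpl.NotAfter, parent, parentKey = rootEnd, tmpl, key
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
		if err != nil {
			return nil, err
		}
		ders, parent, parentKey = append(ders, der...), tmpl, key
	}
	return x509.ParseCertificates(ders) // concatenated DER, in issuance order
}

// verifyAt validates the last certificate up to the root as if the clock read t.
func verifyAt(chain []*x509.Certificate, t time.Time) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(chain[0])
	inter.AddCert(chain[1])
	_, err := chain[2].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: t})
	return err
}

func main() {
	end := time.Date(2023, 11, 14, 0, 4, 0, 0, time.UTC) // the issuers' Not After from the issue
	chain, err := buildChain(end.AddDate(-5, 0, 0), end.AddDate(4, 0, 0), end)
	fmt.Println(err, len(chain) == 3 && verifyAt(chain, end.Add(time.Hour)) != nil)
}
```

Calling the generator with a validity window relative to `time.Now()` gives a suite fixtures that cannot age out, and pinning `CurrentTime` lets a test exercise the expired case on purpose.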

kangsheng89 pushed a commit to kangsheng89/cert-manager that referenced this issue Dec 1, 2023
fixes cert-manager#6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
logand22 pushed a commit to gravitational/cert-manager that referenced this issue Mar 8, 2024
fixes cert-manager#6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>