Installing certs through the CSMS doesn't put them in all locations

During Testival, we participated in the Hubject PKI testing, which meant that Hubject used CSMS-based certificate management to install certs on EVerest. This installed `/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem ` but not `/etc/everest/certs/ca/mo/MO_ROOT_CA.pem` or `/etc/everest/certs/ca/mf/MF_ROOT_CA.pem`

When we then tried to initiate a PnC session, we got an error

```
80E3CFB1:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../openssl-3.0.16/ssl/record/rec_layer_s3.c:1605:SSL alert number 48
```

After copying over the root certs
```
  348  find /etc/everest/ -name \*.pem
  349  less /etc/everest/certs/ca/mo/MO_ROOT_CA.pem
  350  less /etc/everest/certs/ca/mo/MO_ROOT_CA.pem
  351  cp /etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem /etc/everest/certs/ca/mo/MO_ROOT_CA.pem
  352  find /etc/everest/ -name \*.pem
  353  less /etc/everest/certs/ca/mf/MF_ROOT_CA.pem
  354  cp /etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem /etc/everest/certs/ca/mf/MF_ROOT_CA.pem
```

that error went away (although it was replaced by a different one).

We need to verify that this happens by testing with a CSMS that supports certificate management, and then fix it.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Installing certs through the CSMS doesn't put them in all locations #127

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Installing certs through the CSMS doesn't put them in all locations #127

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions