Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ca certificate of pre-configured TLS key/certicate expired on 28 Sept 2022 #3806

Closed
gunterze opened this issue Sep 30, 2022 · 0 comments
Closed

ca certificate of pre-configured TLS key/certicate expired on 28 Sept 2022 #3806

gunterze opened this issue Sep 30, 2022 · 0 comments
Assignees
@gunterze
Labels
bug Something isn't working
Milestone
5.29.0

Comments

@gunterze
Copy link
Member

gunterze commented Sep 30, 2022
edited

Update key and certificate in

  • binary distribution package
  • docker images of
    • Archive
    • Keycloak
    • slapd
    • OAuth2 Proxy
    • logstash

to:

$ keytool -list -v -storepass secret -keystore ~/work/dcm4che/dcm4che-assembly/src/etc/certs/key.p12
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: dcm4che
Creation date: Sep 30, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=dcm4che, O=dcm4che.org, C=AT
Issuer: OU=Gazelle, CN=IHE Europe CA, O=IHE Europe, C=FR
Serial number: 4b3
Valid from: Fri Sep 30 11:24:50 CEST 2022 until: Thu Sep 30 11:24:50 CEST 2032
Certificate fingerprints:
	 SHA1: B4:F5:09:33:B8:56:F0:D5:65:E9:3E:3D:02:1B:9D:00:F8:F8:F4:BA
	 SHA256: BD:60:1C:19:D4:ED:87:18:B3:EC:F6:53:52:91:00:C8:A2:70:21:0F:04:87:E6:B7:ED:15:23:A7:97:D8:28:AC
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3

Extensions: 

#1: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
0000: 16 2E 68 74 74 70 73 3A   2F 2F 67 61 7A 65 6C 6C  ..https://gazell
0010: 65 2E 69 68 65 2E 6E 65   74 2F 70 6B 69 2F 63 72  e.ihe.net/pki/cr
0020: 6C 2F 32 36 35 36 2F 63   61 63 72 6C 2E 63 72 6C  l/2656/cacrl.crl


#2: ObjectId: 2.16.840.1.113730.1.4 Criticality=false
0000: 16 2E 68 74 74 70 73 3A   2F 2F 67 61 7A 65 6C 6C  ..https://gazell
0010: 65 2E 69 68 65 2E 6E 65   74 2F 70 6B 69 2F 63 72  e.ihe.net/pki/cr
0020: 6C 2F 32 36 35 36 2F 63   61 63 72 6C 2E 63 72 6C  l/2656/cacrl.crl


#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1E 43 73 B4 55 FD 2A AD   5F A1 EC 8A 26 89 94 30  .Cs.U.*._...&..0
0010: 6D 62 39 8F                                        mb9.
]
]

#4: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: https://gazelle.ihe.net/pki/crl/2656/cacrl.crl]
]]

#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
  1.3.6.1.4.1.311.20.2.2
  serverAuth
]

#7: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

#8: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL client
   SSL server
   S/MIME
]

#9: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.j4care.com
  DNSName: *.lan.j4care.com
]

#10: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 89 30 9C C0 28 17 37   09 43 33 35 7F 34 82 68  ..0..(.7.C35.4.h
0010: 44 92 8F AC                                        D...
]
]

Certificate[2]:
Owner: OU=Gazelle, CN=IHE Europe CA, O=IHE Europe, C=FR
Issuer: OU=Gazelle, CN=IHE Europe CA, O=IHE Europe, C=FR
Serial number: 1
Valid from: Tue Nov 27 11:21:33 CET 2018 until: Mon Nov 27 11:21:33 CET 2028
Certificate fingerprints:
	 SHA1: 95:B3:01:BD:8B:97:46:D3:17:C4:E6:96:42:C9:84:FC:17:8D:E9:6F
	 SHA256: 21:EB:CA:86:4A:08:E9:A2:D2:1F:6E:84:37:8D:60:BB:14:92:4D:1B:B0:DD:B0:DC:75:03:0C:2E:F3:B2:6E:DD
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
0000: 16 2E 68 74 74 70 73 3A   2F 2F 67 61 7A 65 6C 6C  ..https://gazell
0010: 65 2E 69 68 65 2E 6E 65   74 2F 70 6B 69 2F 63 72  e.ihe.net/pki/cr
0020: 6C 2F 32 36 35 36 2F 63   61 63 72 6C 2E 63 72 6C  l/2656/cacrl.crl


#2: ObjectId: 2.16.840.1.113730.1.4 Criticality=false
0000: 16 2E 68 74 74 70 73 3A   2F 2F 67 61 7A 65 6C 6C  ..https://gazell
0010: 65 2E 69 68 65 2E 6E 65   74 2F 70 6B 69 2F 63 72  e.ihe.net/pki/cr
0020: 6C 2F 32 36 35 36 2F 63   61 63 72 6C 2E 63 72 6C  l/2656/cacrl.crl


#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1E 43 73 B4 55 FD 2A AD   5F A1 EC 8A 26 89 94 30  .Cs.U.*._...&..0
0010: 6D 62 39 8F                                        mb9.
]
]

#4: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: https://gazelle.ihe.net/pki/crl/2656/cacrl.crl]
]]

#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#7: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
   Object Signing CA]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1E 43 73 B4 55 FD 2A AD   5F A1 EC 8A 26 89 94 30  .Cs.U.*._...&..0
0010: 6D 62 39 8F                                        mb9.
]
]



*******************************************
*******************************************



Warning:
<dcm4che> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.

Related dcm4che/dcm4che#1248
@gunterze gunterze added the bug Something isn't working label Sep 30, 2022
@gunterze gunterze added this to the 5.29.0 milestone Sep 30, 2022
@gunterze gunterze self-assigned this Sep 30, 2022
gunterze added a commit to dcm4che-dockerfiles/logstash-dcm4chee that referenced this issue Sep 30, 2022
@gunterze
Upgrade logstash in docker image to 8.4.2 dcm4che/dcm4chee-arc-light…
aaf8164 
…#3807 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/oauth2-proxy that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
0c2157d 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/slapd that referenced this issue Sep 30, 2022
@gunterze
ldap docker image: upgrade alpine to 3.16.2 dcm4che/dcm4chee-arc-lig…
8f913b4 
…ht#3808 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/keycloak-quarkus that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
d5b4fc3 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/slapd-dcm4chee that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
34a0c08 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/dcm4chee-arc-psql that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
4e59222 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/dcm4chee-arc-psql that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
8fcbf51 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/dcm4chee-arc-psql that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
400ca14 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/dcm4chee-arc-ui that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
cab4028 
…t 2022 dcm4che/dcm4chee-arc-light#3806
gunterze added a commit to dcm4che-dockerfiles/dcm4chee-arc-ui that referenced this issue Sep 30, 2022
@gunterze
ca certificate of pre-configured TLS key/certicate expired on 28 Sep…
5cae703 
…t 2022 dcm4che/dcm4chee-arc-light#3806
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gunterze gunterze

Labels
bug Something isn't working
Projects
None yet
Milestone
5.29.0
Development

No branches or pull requests
1 participant
@gunterze