This repository was archived by the owner on Nov 24, 2025. It is now read-only.
This repository was archived by the owner on Nov 24, 2025. It is now read-only.
POST /deliveryservices/sslkeys/add accepts unrelated certificates #7046
Description
This Bug Report affects these Traffic Control components:
- Traffic Ops
Current behavior:
POST /api/4.1/deliveryservices/sslkeys/add accepts unrelated certificates included in the certificate.crt field
Expected behavior:
Including a certificate that is not part of the Leaf-Intermediate-Root chain should result in a response with a 400-level HTTP status code.
Steps to reproduce:
- Create Delivery Service 1
- Generate a self-signed certificate for DS 1
- Create Delivery Service 2
- Generate a self-signed certificate for DS 2
- Append the DS 2 certificate to the bottom of the DS 1 certificate and POST
POST /api/4.1/deliveryservices/sslkeys/add response (HTTP response status code 200):
{
"alerts": [
{
"text": "WARNING: SSL keys were successfully added for 'my-delivery-service-1', but the input certificate may be invalid (certificate is signed by an unknown authority)",
"level": "warning"
}
]
}