Regenerate testing certificates

[marcofranssen]

The test certificates expired.

This PR refreshed the certificates using the shell script in the fixtures folder.

[stefan-zh]

I wonder if it's a good idea to include in this PR a removal of the -u on this line regenerateTestingCerts.sh#L174 that causes this issue with the transient dependency: #1593 (comment)

[marcofranssen]

@stefan-zh Not sure what you mean by that as I just pulled the repo, ran the script and got these certificates updated without any issues.

[stefan-zh]

@stefan-zh Not sure what you mean by that as I just pulled the repo, ran the script and got these certificates updated without any issues.

@marcofranssen You probably have the cfssljson binary pre-installed. Try removing it and regenerating certificates from scratch:

rm $(which cfssljson)
cd ./fixtures
./regenerateTestingCerts.sh

[ioannisgk]

I wonder if it's a good idea to include in this PR a removal of the -u on this line regenerateTestingCerts.sh#L174 that causes this issue with the transient dependency: #1593 (comment)

@stefan-zh I think you may be mistaken, this PR does not remove the -u option, please check here

I have just used notary with the newly created certificates and I see that everything is working perfectly, I think this PR should be merged to master.

Thank you @marcofranssen

[stefan-zh]

@ioannisgk I think you misunderstood my suggestion. I am suggesting that this PR should include a removal of the -u option on this line regenerateTestingCerts.sh#L174. I am proposing this additional change because certificates might not get regenerated properly in some cases and I think this PR is a proper place to add it.

Are there such cases? Yes, there are - this person ran into this issue #1593 (comment) and I ran into the same issue.

Why do we have this issue when we run the regenerateTestingCerts.sh script? Because we don't have the cfssl binary on our $GOPATH. Because of that regenerateTestingCerts.sh will try to get it and compile it. However, there is a transient issue with a dependency of cfssl called github.com/coreos/bbolt and the author of the comment above said this:

Not a go expert. I think it may be affected by github.com/coreos/bbolt now redirects to github.com/etcd-io/bbolt or the github.com/etcd-io/bbolt/

Is this issue solvable? Yes, it is. Someone else had this issue with the cfssl dependency, posted the issue on their GitHub repo cloudflare/cfssl#1183 and then someone provided an answer how to fix it: cloudflare/cfssl#1183 (comment), which includes the removal of the -u option.

[marcofranssen]

@stefan-zh I have applied your suggestion.

[stefan-zh]

These look good to me

[marcofranssen]

@seb-bah are we good to merge? can you handle the merge?

[seb-bah]

@seb-bah are we good to merge? can you handle the merge?

@marcofranssen I just tested this PR and we're good to go! I don't have write access to be able to merge.

[marcofranssen]

FYI @justincormack

[justincormack]

Thanks!