From 92eec5cc9c014aae35dc65ba0bc145f47b0d0acd Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 21 Oct 2020 18:52:55 -0700
Subject: [PATCH 01/22] revocation should only check for not expired and not
 revoked certs

---
 lemur/certificates/service.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 6d1bd2ac..6daaa641 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -105,7 +105,7 @@ def get_all_certs():
 
 def get_all_valid_certs(authority_plugin_name):
     """
-    Retrieves all valid (not expired) certificates within Lemur, for the given authority plugin names
+    Retrieves all valid (not expired & not revoked) certificates within Lemur, for the given authority plugin names
     ignored if no authority_plugin_name provided.
 
     Note that depending on the DB size retrieving all certificates might an expensive operation
@@ -116,11 +116,12 @@ def get_all_valid_certs(authority_plugin_name):
         return (
             Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter(
                 Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
-                Authority.plugin_name.in_(authority_plugin_name)).all()
+                Authority.plugin_name.in_(authority_plugin_name)).filter(Certificate.revoked.is_(False)).all()
         )
     else:
         return (
-            Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).all()
+            Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
+                Certificate.revoked.is_(False)).all()
         )
 
 

From 906b3b2337c56486584a4751a0a3b77270c0ebcf Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 21 Oct 2020 19:52:25 -0700
Subject: [PATCH 02/22] better handling of status code

---
 lemur/plugins/lemur_entrust/plugin.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 515e2400..d3f2c202 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -109,7 +109,12 @@ def handle_response(my_response):
         "response": d
     }
     current_app.logger.info(log_data)
-    return d
+    if d == {'response': 'No detailed message'}:
+        # status if no data
+        return s
+    else:
+        #  return data from the response
+        return d
 
 
 class EntrustIssuerPlugin(IssuerPlugin):
@@ -211,7 +216,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
         deactivate_url = f"{base_url}/certificates/{certificate.external_id}/deactivations"
         response = self.session.post(deactivate_url)
         metrics.send("entrust_deactivate_certificate", "counter", 1)
-        return handle_response(response)
+        return response.status_code
 
     @staticmethod
     def create_authority(options):

From a4dba0cb35a02960e6d63d6aa7bc7291673a4943 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 21 Oct 2020 19:52:51 -0700
Subject: [PATCH 03/22] creating a cli to handle entrust deactivation

---
 lemur/certificates/cli.py | 41 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index b883dee0..224f02a2 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -735,3 +735,44 @@ def automatically_enable_autorotate():
                                   })
         cert.rotation = True
         database.update(cert)
+
+
+@manager.command
+def deactivate_entrust_certificates():
+    """
+    Attempt to deactivate test certificates issued by Entrust
+    """
+
+    log_data = {
+        "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+        "message": "Deactivating Entrust certificates"
+    }
+
+    certificates = get_all_valid_certs(['entrust-issuer'])
+    entrust_plugin = plugins.get('entrust-issuer')
+    for cert in certificates:
+        try:
+            response = entrust_plugin.deactivate_certificate(cert)
+            if response == 200:
+                cert.status = "revoked"
+            else:
+                cert.status = "unknown"
+
+            log_data["valid"] = cert.status
+            log_data["certificate_name"] = cert.name
+            log_data["certificate_id"] = cert.id
+            metrics.send(
+                "certificate_deactivate",
+                "counter",
+                1,
+                metric_tags={"status": log_data["valid"],
+                             "certificate_name": log_data["certificate_name"],
+                             "certificate_id": log_data["certificate_id"]},
+            )
+            current_app.logger.info(log_data)
+
+            database.update(cert)
+
+        except Exception as e:
+            sentry.captureException()
+            current_app.logger.exception(e)

From 2cc03088cdba41bfaffb5ebacd28379a521f235b Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 21 Oct 2020 19:53:08 -0700
Subject: [PATCH 04/22] creating a celery task

---
 lemur/common/celery.py | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/lemur/common/celery.py b/lemur/common/celery.py
index a490b13b..f72fd207 100644
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@@ -759,7 +759,7 @@ def check_revoked():
 
     log_data = {
         "function": function,
-        "message": "check if any certificates are revoked revoked",
+        "message": "check if any valid certificate is revoked",
         "task_id": task_id,
     }
 
@@ -842,3 +842,39 @@ def enable_autorotate_for_certs_attached_to_endpoint():
     cli_certificate.automatically_enable_autorotate()
     metrics.send(f"{function}.success", "counter", 1)
     return log_data
+
+
+@celery.task(soft_time_limit=3600)
+def deactivate_entrust():
+    """
+    This celery task attempts to deactivate all not yet deactivated Entrust certificates, and should only run in TEST
+    :return:
+    """
+    function = f"{__name__}.{sys._getframe().f_code.co_name}"
+    task_id = None
+    if celery.current_task:
+        task_id = celery.current_task.request.id
+
+    log_data = {
+        "function": function,
+        "message": "deactivate entrust certificates",
+        "task_id": task_id,
+    }
+
+    if task_id and is_task_active(function, task_id, None):
+        log_data["message"] = "Skipping task: Task is already active"
+        current_app.logger.debug(log_data)
+        return
+
+    current_app.logger.debug(log_data)
+    try:
+        cli_certificate.deactivate_entrust_certificates()
+    except SoftTimeLimitExceeded:
+        log_data["message"] = "Time limit exceeded."
+        current_app.logger.error(log_data)
+        sentry.captureException()
+        metrics.send("celery.timeout", "counter", 1, metric_tags={"function": function})
+        return
+
+    metrics.send(f"{function}.success", "counter", 1)
+    return log_data

From c40ecd12cbe8df3913897df5fd2fb95ce6e559d6 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 10:58:16 -0700
Subject: [PATCH 05/22] improved naming

---
 lemur/common/celery.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/common/celery.py b/lemur/common/celery.py
index f72fd207..f9d58bd9 100644
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@@ -845,7 +845,7 @@ def enable_autorotate_for_certs_attached_to_endpoint():
 
 
 @celery.task(soft_time_limit=3600)
-def deactivate_entrust():
+def deactivate_entrust_test_certificates():
     """
     This celery task attempts to deactivate all not yet deactivated Entrust certificates, and should only run in TEST
     :return:

From 2e7e3a82fa0b909ea83b0989e2f32dee084a1bce Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 11:57:54 -0700
Subject: [PATCH 06/22] Update cli.py

logging in exception
---
 lemur/certificates/cli.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index 224f02a2..cf2ff367 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -774,5 +774,7 @@ def deactivate_entrust_certificates():
             database.update(cert)
 
         except Exception as e:
+            current_app.logger.info(log_data)
             sentry.captureException()
             current_app.logger.exception(e)
+            

From 03d1af16e7725527bbd5b5e80b417c05ddfd3108 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 15:59:38 -0700
Subject: [PATCH 07/22] better logging for exceptions around all plugins

---
 lemur/certificates/service.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 6d1bd2ac..9c544124 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -359,7 +359,12 @@ def create(**kwargs):
     try:
         cert_body, private_key, cert_chain, external_id, csr = mint(**kwargs)
     except Exception:
-        current_app.logger.error("Exception minting certificate", exc_info=True)
+        log_data = {
+            "message": "Exception minting certificate",
+            "issuer": kwargs["authority"].name,
+            "cn": kwargs["common_name"],
+        }
+        current_app.logger.error(log_data, exc_info=True)
         sentry.captureException()
         raise
     kwargs["body"] = cert_body

From c2fe2b5e0384ade0e0f2f2567e8cb1545b62ed85 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 15:59:59 -0700
Subject: [PATCH 08/22] improved logging for all responses

---
 lemur/plugins/lemur_entrust/plugin.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 515e2400..03919686 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -20,7 +20,13 @@ def log_status_code(r, *args, **kwargs):
     :param kwargs:
     :return:
     """
+    log_data = {
+        "reason": (r.reason if r.reason else ""),
+        "status_code": r.status_code,
+        "url": (r.url if r.url else ""),
+    }
     metrics.send(f"entrust_status_code_{r.status_code}", "counter", 1)
+    current_app.logger.info(log_data)
 
 
 def determine_end_date(end_date):

From c60645bec49f23d7c55276d1a17e7c316d683cf0 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 16:00:26 -0700
Subject: [PATCH 09/22] improved logging for all responses

---
 lemur/plugins/lemur_digicert/plugin.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index f28279a6..9a322371 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -37,7 +37,13 @@ def log_status_code(r, *args, **kwargs):
     :param kwargs:
     :return:
     """
+    log_data = {
+        "reason": (r.reason if r.reason else ""),
+        "status_code": r.status_code,
+        "url": (r.url if r.url else ""),
+    }
     metrics.send("digicert_status_code_{}".format(r.status_code), "counter", 1)
+    current_app.logger.info(log_data)
 
 
 def signature_hash(signing_algorithm):

From 8fa90a2ce54539853ee7ff2769b5f35ad3e2865f Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 16:01:09 -0700
Subject: [PATCH 10/22] digicert expects also seconds, though not yet honoring
 it

---
 lemur/plugins/lemur_digicert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 9a322371..61a274fa 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -177,7 +177,7 @@ def map_cis_fields(options, csr):
         "csr": csr,
         "signature_hash": signature_hash(options.get("signing_algorithm")),
         "validity": {
-            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM") + "Z"
+            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM:SS") + "Z"
         },
         "organization": {
             "name": options["organization"],

From 02c040865d6ca5a1c5fec2fe1e2cf039515bb08d Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 16:05:29 -0700
Subject: [PATCH 11/22] more meaningful message

---
 lemur/plugins/lemur_digicert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 61a274fa..574c8e8e 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -210,7 +210,7 @@ def handle_response(response):
     :return:
     """
     if response.status_code > 399:
-        raise Exception(response.json()["errors"][0]["message"])
+        raise Exception("DigiCert rejected certificate request with the following error:" + response.json()["errors"][0]["message"])
 
     return response.json()
 

From 1c96ea9ab1ee8f1e8c36331510e3866aace74bcf Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:10:32 -0700
Subject: [PATCH 12/22] better messaging of exceptions

---
 lemur/plugins/lemur_digicert/plugin.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 574c8e8e..a100954f 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -221,10 +221,13 @@ def handle_cis_response(response):
     :param response:
     :return:
     """
-    if response.status_code > 399:
-        raise Exception(response.text)
-
     return response.json()
+    if response.status_code == 404:
+        raise Exception("DigiCert: Order not in issued state.")
+    elif response.status_code == 406:
+        raise Exception("DigiCert: Wrong Header")
+    elif response.status_code > 399:
+        raise Exception("DigiCert rejected request with the error:" + response.text)
 
 
 @retry(stop_max_attempt_number=10, wait_fixed=10000)

From 2e7652962cbbe4403ff44dc0df9550882e1e1b10 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:11:02 -0700
Subject: [PATCH 13/22] refactoring of the error handling

---
 lemur/plugins/lemur_digicert/plugin.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index a100954f..4143019e 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -221,7 +221,6 @@ def handle_cis_response(response):
     :param response:
     :return:
     """
-    return response.json()
     if response.status_code == 404:
         raise Exception("DigiCert: Order not in issued state.")
     elif response.status_code == 406:
@@ -229,6 +228,11 @@ def handle_cis_response(response):
     elif response.status_code > 399:
         raise Exception("DigiCert rejected request with the error:" + response.text)
 
+    if response.url.endswith("download"):
+        return response.content
+    else:
+        return response.json()
+
 
 @retry(stop_max_attempt_number=10, wait_fixed=10000)
 def get_certificate_id(session, base_url, order_id):
@@ -247,11 +251,9 @@ def get_cis_certificate(session, base_url, order_id):
     certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id)
     session.headers.update({"Accept": "application/x-pkcs7-certificates"})
     response = session.get(certificate_url)
+    response_content = handle_cis_response(response)
 
-    if response.status_code == 404:
-        raise Exception("Order not in issued state.")
-
-    cert_chain_pem = convert_pkcs7_bytes_to_pem(response.content)
+    cert_chain_pem = convert_pkcs7_bytes_to_pem(response_content)
     if len(cert_chain_pem) < 3:
         raise Exception("Missing the certificate chain")
     return cert_chain_pem

From ae1e9d120b8751c1de9fc7fee706cb79f3bf46d8 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:13:58 -0700
Subject: [PATCH 14/22] consistent messaging

---
 lemur/plugins/lemur_digicert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 4143019e..345bea72 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -210,7 +210,7 @@ def handle_response(response):
     :return:
     """
     if response.status_code > 399:
-        raise Exception("DigiCert rejected certificate request with the following error:" + response.json()["errors"][0]["message"])
+        raise Exception("DigiCert rejected request with the error:" + response.json()["errors"][0]["message"])
 
     return response.json()
 

From 9acd974b7451f63baf363b0f9e88e77cb2b82219 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:20:47 -0700
Subject: [PATCH 15/22] fixing the test to support seconds

---
 lemur/plugins/lemur_digicert/tests/test_digicert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py
index 34dcef71..fe47c5b8 100644
--- a/lemur/plugins/lemur_digicert/tests/test_digicert.py
+++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py
@@ -123,7 +123,7 @@ def test_map_cis_fields_with_validity_years(mock_current_app, authority):
             "signature_hash": "sha256",
             "organization": {"name": "Example, Inc."},
             "validity": {
-                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:MM") + "Z"
+                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:MM:SS") + "Z"
             },
             "profile_name": None,
         }

From 97f80b79dcea1601da700c06b77395e67ae2954a Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:23:33 -0700
Subject: [PATCH 16/22] adjusting digicert test to support seconds

---
 lemur/plugins/lemur_digicert/tests/test_digicert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py
index fe47c5b8..059cdd82 100644
--- a/lemur/plugins/lemur_digicert/tests/test_digicert.py
+++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py
@@ -159,7 +159,7 @@ def test_map_cis_fields_with_validity_end_and_start(mock_current_app, app, autho
             "signature_hash": "sha256",
             "organization": {"name": "Example, Inc."},
             "validity": {
-                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:MM") + "Z"
+                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:MM:SS") + "Z"
             },
             "profile_name": None,
         }

From cf87e178c8f70d527478544f6b37a50a901c62cf Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:33:02 -0700
Subject: [PATCH 17/22] making lint happy

---
 lemur/certificates/cli.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index cf2ff367..f23948be 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -777,4 +777,3 @@ def deactivate_entrust_certificates():
             current_app.logger.info(log_data)
             sentry.captureException()
             current_app.logger.exception(e)
-            

From 9ce0010bf1a76a1057a9d3b88f1a51966d552568 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:33:39 -0700
Subject: [PATCH 18/22] handle_respone can also handle the no data response

---
 lemur/plugins/lemur_entrust/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index d3f2c202..0e9f6b7f 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -216,7 +216,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
         deactivate_url = f"{base_url}/certificates/{certificate.external_id}/deactivations"
         response = self.session.post(deactivate_url)
         metrics.send("entrust_deactivate_certificate", "counter", 1)
-        return response.status_code
+        return handle_response(response)
 
     @staticmethod
     def create_authority(options):

From 8610af8b8368565c2e48976eb01168bb2ab21c90 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 22 Oct 2020 17:54:46 -0700
Subject: [PATCH 19/22] more precise language

---
 lemur/plugins/lemur_digicert/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 345bea72..ee917dac 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -222,9 +222,9 @@ def handle_cis_response(response):
     :return:
     """
     if response.status_code == 404:
-        raise Exception("DigiCert: Order not in issued state.")
+        raise Exception("DigiCert: order not in issued state")
     elif response.status_code == 406:
-        raise Exception("DigiCert: Wrong Header")
+        raise Exception("DigiCert: wrong header request format")
     elif response.status_code > 399:
         raise Exception("DigiCert rejected request with the error:" + response.text)
 

From e01863097bf55cd9864a4a2e46ae0a6de700b02e Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Fri, 23 Oct 2020 10:16:23 -0700
Subject: [PATCH 20/22] fixing the time bug, sub-second to second, and month to
 minute!

---
 lemur/plugins/lemur_digicert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index ee917dac..091539de 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -177,7 +177,7 @@ def map_cis_fields(options, csr):
         "csr": csr,
         "signature_hash": signature_hash(options.get("signing_algorithm")),
         "validity": {
-            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM:SS") + "Z"
+            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM:ss") + "Z"
         },
         "organization": {
             "name": options["organization"],

From bc6fb02fc2712e461270b28a01d317709d13d4dc Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Fri, 23 Oct 2020 10:16:38 -0700
Subject: [PATCH 21/22] fixing testing

---
 lemur/plugins/lemur_digicert/tests/test_digicert.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py
index 059cdd82..fd07ea2b 100644
--- a/lemur/plugins/lemur_digicert/tests/test_digicert.py
+++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py
@@ -123,7 +123,7 @@ def test_map_cis_fields_with_validity_years(mock_current_app, authority):
             "signature_hash": "sha256",
             "organization": {"name": "Example, Inc."},
             "validity": {
-                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:MM:SS") + "Z"
+                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:mm:ss") + "Z"
             },
             "profile_name": None,
         }
@@ -159,7 +159,7 @@ def test_map_cis_fields_with_validity_end_and_start(mock_current_app, app, autho
             "signature_hash": "sha256",
             "organization": {"name": "Example, Inc."},
             "validity": {
-                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:MM:SS") + "Z"
+                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:mm:ss") + "Z"
             },
             "profile_name": None,
         }

From 1495fb3595bc102e6ff2f9400c6981fc8bba80ed Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Fri, 23 Oct 2020 10:18:24 -0700
Subject: [PATCH 22/22] now fixing the month to minute bug

---
 lemur/plugins/lemur_digicert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 091539de..ec3a0792 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -177,7 +177,7 @@ def map_cis_fields(options, csr):
         "csr": csr,
         "signature_hash": signature_hash(options.get("signing_algorithm")),
         "validity": {
-            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM:ss") + "Z"
+            "valid_to": validity_end.format("YYYY-MM-DDTHH:mm:ss") + "Z"
         },
         "organization": {
             "name": options["organization"],