From 6aedd3b0d821adaf04b89cb7c958622c47d4f61f Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Tue, 25 Aug 2020 18:40:36 -0700
Subject: [PATCH 1/6] Datepicker enhancements

---
 lemur/certificates/models.py                   |  2 --
 .../certificates/certificate/tracking.tpl.html |  4 +++-
 .../app/angular/certificates/services.js       | 18 ++++++++++--------
 .../angular/pending_certificates/services.js   | 16 +++++++++-------
 4 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 5f6c4ba9..9d4cda34 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -317,8 +317,6 @@ class Certificate(db.Model):
         if self.name.lower() in [ca.lower() for ca in public_CA]:
             return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
 
-        return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095)   # 3 years default
-
     @property
     def subject(self):
         return self.parsed_cert.subject
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 07d6b0f4..6b2edee6 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -96,7 +96,7 @@
         Certificate Authority
       </label>
       <div class="col-sm-10">
-        <ui-select class="input-md" ng-model="certificate.authority" theme="bootstrap" title="choose an authority">
+        <ui-select class="input-md" ng-model="certificate.authority" theme="bootstrap" title="choose an authority" ng-change="clearDates()">
           <ui-select-match placeholder="select an authority...">{{$select.selected.name}}</ui-select-match>
           <ui-select-choices class="form-control" repeat="authority in authorities"
                              refresh="getAuthoritiesByName($select.search)"
@@ -159,6 +159,7 @@
                  min-date="certificate.authority.authorityCertificate.notBefore"
                  alt-input-formats="altInputFormats"
                  placeholder="Start Date"
+                 readonly="true"
           />
           <span class="input-group-btn">
                         <button type="button" class="btn btn-default" ng-click="open1()"><i
@@ -179,6 +180,7 @@
                  min-date="certificate.authority.authorityCertificate.minValidityEnd"
                  alt-input-formats="altInputFormats"
                  placeholder="End Date"
+                 readonly="true"
           />
           <span class="input-group-btn">
                         <button type="button" class="btn btn-default" ng-click="open2()"><i
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index 881a443a..3fba1929 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -167,17 +167,19 @@ angular.module('lemur')
         },
         setValidityEndDateRange: function (value) {
           // clear selected validity end date as we are about to calculate new range
-          if(this.validityEnd) {
-            this.validityEnd = '';
-          }
-          
+          this.validityEnd = '';
+
           // Minimum end date will be same as selected start date
           this.authority.authorityCertificate.minValidityEnd = value;
 
-          // Move max end date by maxIssuanceDays
-          let endDate = new Date(value);
-          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
-          this.authority.authorityCertificate.maxValidityEnd = endDate;
+          if(!this.authority.authorityCertificate || !this.authority.authorityCertificate.maxIssuanceDays) {
+            this.authority.authorityCertificate.maxValidityEnd = this.authority.authorityCertificate.notAfter;
+          } else {
+            // Move max end date by maxIssuanceDays
+            let endDate = new Date(value);
+            endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+            this.authority.authorityCertificate.maxValidityEnd = endDate;
+          }
         }
       });
     });
diff --git a/lemur/static/app/angular/pending_certificates/services.js b/lemur/static/app/angular/pending_certificates/services.js
index 2f99eb7d..9b32c1d3 100644
--- a/lemur/static/app/angular/pending_certificates/services.js
+++ b/lemur/static/app/angular/pending_certificates/services.js
@@ -147,17 +147,19 @@ angular.module('lemur')
         },
         setValidityEndDateRange: function (value) {
           // clear selected validity end date as we are about to calculate new range
-          if(this.validityEnd) {
-            this.validityEnd = '';
-          }
+          this.validityEnd = '';
 
           // Minimum end date will be same as selected start date
           this.authority.authorityCertificate.minValidityEnd = value;
 
-          // Move max end date by maxIssuanceDays
-          let endDate = new Date(value);
-          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
-          this.authority.authorityCertificate.maxValidityEnd = endDate;
+          if(!this.authority.authorityCertificate || !this.authority.authorityCertificate.maxIssuanceDays) {
+            this.authority.authorityCertificate.maxValidityEnd = this.authority.authorityCertificate.notAfter;
+          } else {
+            // Move max end date by maxIssuanceDays
+            let endDate = new Date(value);
+            endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+            this.authority.authorityCertificate.maxValidityEnd = endDate;
+          }
         }
       });
     });

From 3242fc1e13157cb84e8777a6cfabdad5eaf00de6 Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Wed, 26 Aug 2020 19:30:12 -0700
Subject: [PATCH 2/6] Validity with radio buttons

---
 docs/administration.rst                       | 10 +++----
 lemur/authorities/schemas.py                  |  3 ++-
 lemur/certificates/models.py                  |  8 ++++++
 .../certificates/certificate/certificate.js   | 24 ++++++++++++++++-
 .../certificate/tracking.tpl.html             | 26 +++++++------------
 .../app/angular/certificates/services.js      |  5 +++-
 6 files changed, 52 insertions(+), 24 deletions(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index 846a4c34..35a9677d 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -172,15 +172,15 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
         PUBLIC_CA_MAX_VALIDITY_DAYS = 365
 
 
-.. data:: DEFAULT_MAX_VALIDITY_DAYS
+.. data:: DEFAULT_VALIDITY_DAYS
     :noindex:
-        Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in
-        PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the
-        default validity of 1095 days and sets it to 365 days.
+        Use this config to override the default validity of certificates offered through Lemur UI. Any CA which is not listed
+        in PUBLIC_CA_AUTHORITY_NAMES will be using this value as default validity to be displayed on UI. Below example overrides the
+        default validity of 365 days and sets it to 1095 days (3 years).
 
     ::
 
-        DEFAULT_MAX_VALIDITY_DAYS = 365
+        DEFAULT_VALIDITY_DAYS = 1095
 
 
 .. data:: DEBUG_DUMP
diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py
index 0700c15b..f931b185 100644
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@@ -110,6 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
     not_after = fields.DateTime()
     not_before = fields.DateTime()
     max_issuance_days = fields.Integer()
+    default_validity_days = fields.Integer()
     owner = fields.Email()
     status = fields.Boolean()
     user = fields.Nested(UserNestedOutputSchema)
@@ -135,7 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
     owner = fields.Email()
     plugin = fields.Nested(PluginOutputSchema)
     active = fields.Boolean()
-    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])
+    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days", "default_validity_days"])
 
 
 authority_update_schema = AuthorityUpdateSchema()
diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 9d4cda34..8a4fc6bd 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -317,6 +317,14 @@ class Certificate(db.Model):
         if self.name.lower() in [ca.lower() for ca in public_CA]:
             return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
 
+    @property
+    def default_validity_days(self):
+        public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
+        if self.name.lower() in [ca.lower() for ca in public_CA]:
+            return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
+
+        return current_app.config.get("DEFAULT_VALIDITY_DAYS", 365)   # 1 year default
+
     @property
     def subject(self):
         return self.parsed_cert.subject
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index 155658e6..028377c5 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -107,7 +107,6 @@ angular.module('lemur')
       startingDay: 1
     };
 
-
     $scope.open1 = function() {
       $scope.popup1.opened = true;
     };
@@ -140,6 +139,12 @@ angular.module('lemur')
     );
 
     $scope.create = function (certificate) {
+      if(certificate.validityType === 'dates' &&
+          (!certificate.validityStart || !certificate.validityEnd)) { // these are not mandatory fields in schema, thus handling validation in js
+          return showMissingDateError();
+      }
+      delete certificate.validityType;
+
       WizardHandler.wizard().context.loading = true;
       CertificateService.create(certificate).then(
         function () {
@@ -164,6 +169,23 @@ angular.module('lemur')
         });
     };
 
+    function showMissingDateError() {
+      let error = {};
+        error.message = '';
+        error.reasons = {};
+        error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
+
+        toaster.pop({
+          type: 'error',
+          title: 'Validation Error',
+          body: 'lemur-bad-request',
+          bodyOutputType: 'directive',
+          directiveData: error,
+          timeout: 100000
+        });
+        return;
+    }
+
     $scope.templates = [
       {
         'name': 'Client Certificate',
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 6b2edee6..26a167e5 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -136,19 +136,17 @@
              uib-tooltip="If no date is selected Lemur attempts to issue a 1 year certificate">
         Validity Range <span class="glyphicon glyphicon-question-sign"></span>
       </label>
-      <div class="col-sm-2">
-        <select ng-model="certificate.validityYears" class="form-control">
-          <option value="">-</option>
-          <option value="1">1 year</option>
-        </select>
+      <div class="col-sm-4">
+        <div class="btn-group">
+          <label class="btn btn-success" ng-model="certificate.validityType" uib-btn-radio="'defaultDays'" ng-click="clearDates()">
+              Default ({{certificate.authority.authorityCertificate.defaultValidityDays}} days)</label>
+          <label class="btn btn-success" ng-model="certificate.validityType" uib-btn-radio="'dates'">Select Date</label>
+        </div>
       </div>
-      <span style="padding-top: 15px" class="text-center col-sm-1">
-                <strong>or</strong>
-            </span>
-      <div class="col-sm-3">
+      <div class="col-sm-3" ng-if="certificate.validityType==='dates'">
         <div class="input-group">
           <input type="text" class="form-control"
-                 uib-tooltip="yyyy/MM/dd"
+                 uib-tooltip="Start Date (yyyy/MM/dd)"
                  uib-datepicker-popup="yyyy/MM/dd"
                  ng-model="certificate.validityStart"
                  ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
@@ -167,10 +165,10 @@
                     </span>
         </div>
       </div>
-      <div class="col-sm-3">
+      <div class="col-sm-3" ng-if="certificate.validityType==='dates'">
         <div class="input-group">
           <input type="text" class="form-control"
-                 uib-tooltip="yyyy/MM/dd"
+                 uib-tooltip="End Date (yyyy/MM/dd)"
                  uib-datepicker-popup="yyyy/MM/dd"
                  ng-model="certificate.validityEnd"
                  is-open="popup2.opened"
@@ -188,10 +186,6 @@
                     </span>
         </div>
       </div>
-      <div class="col-sm-1">
-        <button uib-tooltip="Clear Validity" ng-click="clearDates()" class="btn btn-default"><i
-          class="glyphicon glyphicon-remove"></i></button>
-      </div>
     </div>
     <div class="form-group" ng-show="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2">
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index 3fba1929..0c8eb7cc 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -197,7 +197,7 @@ angular.module('lemur')
     CertificateService.create = function (certificate) {
       certificate.attachSubAltName();
       certificate.attachCustom();
-      if (certificate.validityYears === '') { // if a user de-selects validity years we ignore it
+      if (certificate.validityYears === '') { // if a user de-selects validity years we ignore it - might not be needed anymore
         delete certificate.validityYears;
       }
       return CertificateApi.post(certificate);
@@ -283,6 +283,9 @@ angular.module('lemur')
         certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
         certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
 
+        // pre-select validity type radio button to default days
+        certificate.validityType = 'defaultDays';
+
         if (certificate.dnsProviderId) {
           certificate.dnsProvider = {id: certificate.dnsProviderId};
         }

From 9c4fb85dc3b513ec5f7051028845fbe70581f384 Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Mon, 31 Aug 2020 18:19:32 -0700
Subject: [PATCH 3/6] Calculate dates from defaultDays in js

---
 docs/administration.rst                       |  7 +-
 .../certificates/certificate/certificate.js   | 69 +++++++++++++++----
 .../certificate/tracking.tpl.html             | 12 ++--
 3 files changed, 65 insertions(+), 23 deletions(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index 35a9677d..2f71c0bf 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -174,9 +174,10 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
 
 .. data:: DEFAULT_VALIDITY_DAYS
     :noindex:
-        Use this config to override the default validity of certificates offered through Lemur UI. Any CA which is not listed
-        in PUBLIC_CA_AUTHORITY_NAMES will be using this value as default validity to be displayed on UI. Below example overrides the
-        default validity of 365 days and sets it to 1095 days (3 years).
+        Use this config to override the default validity of 365 days for certificates offered through Lemur UI. Any CA which
+        is not listed in PUBLIC_CA_AUTHORITY_NAMES will be using this value as default validity to be displayed on UI. Please
+        note that this config is used for cert issuance only through Lemur UI. Below example overrides the default validity
+        of 365 days and sets it to 1095 days (3 years).
 
     ::
 
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index 028377c5..6b275328 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -139,11 +139,13 @@ angular.module('lemur')
     );
 
     $scope.create = function (certificate) {
-      if(certificate.validityType === 'dates' &&
+      if(certificate.validityType === 'customDates' &&
           (!certificate.validityStart || !certificate.validityEnd)) { // these are not mandatory fields in schema, thus handling validation in js
           return showMissingDateError();
       }
-      delete certificate.validityType;
+      if(certificate.validityType === 'defaultDays') {
+        populateValidityDateAsPerDefault(certificate);
+      }
 
       WizardHandler.wizard().context.loading = true;
       CertificateService.create(certificate).then(
@@ -171,19 +173,26 @@ angular.module('lemur')
 
     function showMissingDateError() {
       let error = {};
-        error.message = '';
-        error.reasons = {};
-        error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
+      error.message = '';
+      error.reasons = {};
+      error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
 
-        toaster.pop({
-          type: 'error',
-          title: 'Validation Error',
-          body: 'lemur-bad-request',
-          bodyOutputType: 'directive',
-          directiveData: error,
-          timeout: 100000
-        });
-        return;
+      toaster.pop({
+        type: 'error',
+        title: 'Validation Error',
+        body: 'lemur-bad-request',
+        bodyOutputType: 'directive',
+        directiveData: error,
+        timeout: 100000
+      });
+    }
+
+    function populateValidityDateAsPerDefault(certificate) {
+      // calculate start and end date as per default validity
+      let startDate = new Date(), endDate = new Date();
+      endDate.setDate(startDate.getDate() + certificate.authority.authorityCertificate.defaultValidityDays);
+      certificate.validityStart = startDate;
+      certificate.validityEnd = endDate;
     }
 
     $scope.templates = [
@@ -299,6 +308,14 @@ angular.module('lemur')
   };
 
   $scope.create = function (certificate) {
+     if(certificate.validityType === 'customDates' &&
+          (!certificate.validityStart || !certificate.validityEnd)) { // these are not mandatory fields in schema, thus handling validation in js
+          return showMissingDateError();
+     }
+     if(certificate.validityType === 'defaultDays') {
+        populateValidityDateAsPerDefault(certificate);
+     }
+
     WizardHandler.wizard().context.loading = true;
     CertificateService.create(certificate).then(
       function () {
@@ -323,6 +340,30 @@ angular.module('lemur')
       });
   };
 
+  function showMissingDateError() {
+      let error = {};
+      error.message = '';
+      error.reasons = {};
+      error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
+
+      toaster.pop({
+        type: 'error',
+        title: 'Validation Error',
+        body: 'lemur-bad-request',
+        bodyOutputType: 'directive',
+        directiveData: error,
+        timeout: 100000
+      });
+    }
+
+    function populateValidityDateAsPerDefault(certificate) {
+      // calculate start and end date as per default validity
+      let startDate = new Date(), endDate = new Date();
+      endDate.setDate(startDate.getDate() + certificate.authority.authorityCertificate.defaultValidityDays);
+      certificate.validityStart = startDate;
+      certificate.validityEnd = endDate;
+    }
+
   $scope.templates = [
     {
       'name': 'Client Certificate',
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 26a167e5..e024972b 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -133,17 +133,17 @@
       </div>
     <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2"
-             uib-tooltip="If no date is selected Lemur attempts to issue a 1 year certificate">
+             uib-tooltip="You can select custom date range, however we recommend continuing with default validity.">
         Validity Range <span class="glyphicon glyphicon-question-sign"></span>
       </label>
       <div class="col-sm-4">
-        <div class="btn-group">
-          <label class="btn btn-success" ng-model="certificate.validityType" uib-btn-radio="'defaultDays'" ng-click="clearDates()">
+        <div class="btn-group btn-group-toggle" data-toggle="buttons">
+          <label class="btn btn-info" ng-model="certificate.validityType" uib-btn-radio="'defaultDays'" ng-click="clearDates()">
               Default ({{certificate.authority.authorityCertificate.defaultValidityDays}} days)</label>
-          <label class="btn btn-success" ng-model="certificate.validityType" uib-btn-radio="'dates'">Select Date</label>
+          <label class="btn btn-info" ng-model="certificate.validityType" uib-btn-radio="'customDates'" ng-change="clearDates()">Custom</label>
         </div>
       </div>
-      <div class="col-sm-3" ng-if="certificate.validityType==='dates'">
+      <div class="col-sm-3" ng-if="certificate.validityType==='customDates'">
         <div class="input-group">
           <input type="text" class="form-control"
                  uib-tooltip="Start Date (yyyy/MM/dd)"
@@ -165,7 +165,7 @@
                     </span>
         </div>
       </div>
-      <div class="col-sm-3" ng-if="certificate.validityType==='dates'">
+      <div class="col-sm-3" ng-if="certificate.validityType==='customDates'">
         <div class="input-group">
           <input type="text" class="form-control"
                  uib-tooltip="End Date (yyyy/MM/dd)"

From db4f68f0edf2022ce6670031d29b1575c06c3d99 Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Mon, 31 Aug 2020 18:20:32 -0700
Subject: [PATCH 4/6] Logs during cert validity truncate for digicert

---
 lemur/plugins/lemur_digicert/plugin.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index fd8c4e2d..4bd11bc8 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -18,8 +18,9 @@ import json
 import arrow
 import pem
 import requests
+import sys
 from cryptography import x509
-from flask import current_app
+from flask import current_app, g
 from lemur.common.utils import validate_conf
 from lemur.extensions import metrics
 from lemur.plugins import lemur_digicert as digicert
@@ -129,6 +130,9 @@ def map_fields(options, csr):
         data["validity_years"] = determine_validity_years(options.get("validity_years"))
     elif options.get("validity_end"):
         data["custom_expiration_date"] = determine_end_date(options.get("validity_end")).format("YYYY-MM-DD")
+        # check if validity got truncated. If resultant validity is not equal to requested validity, it just got truncated
+        if data["custom_expiration_date"] != options.get("validity_end"):
+            log_validity_truncation(options, f"{__name__}.{sys._getframe().f_code.co_name}")
     else:
         data["validity_years"] = determine_validity_years(0)
 
@@ -154,6 +158,9 @@ def map_cis_fields(options, csr):
         validity_end = determine_end_date(arrow.utcnow().shift(years=options["validity_years"]))
     elif options.get("validity_end"):
         validity_end = determine_end_date(options.get("validity_end"))
+        # check if validity got truncated. If resultant validity is not equal to requested validity, it just got truncated
+        if validity_end != options.get("validity_end"):
+            log_validity_truncation(options, f"{__name__}.{sys._getframe().f_code.co_name}")
     else:
         validity_end = determine_end_date(False)
 
@@ -178,6 +185,16 @@ def map_cis_fields(options, csr):
 
     return data
 
+def log_validity_truncation(options, function):
+    log_data = {
+        "cn": options["common_name"],
+        "creator": g.user.username
+    }
+    metrics.send("digicert_validity_truncated", "counter", 1, metric_tags=log_data)
+
+    log_data["function"] = function
+    log_data["message"] = "Digicert Plugin truncated the validity of certificate, cn = {0}".format(options["common_name"])
+    current_app.logger.info(log_data)
 
 def handle_response(response):
     """

From 8ad4448c85d7e1c15ab4dba404aa92c00bfe8fbf Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Tue, 1 Sep 2020 12:44:49 -0700
Subject: [PATCH 5/6] Match date format for comparison + expected new lines

---
 lemur/plugins/lemur_digicert/plugin.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index 4bd11bc8..ad4272dc 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -131,7 +131,7 @@ def map_fields(options, csr):
     elif options.get("validity_end"):
         data["custom_expiration_date"] = determine_end_date(options.get("validity_end")).format("YYYY-MM-DD")
         # check if validity got truncated. If resultant validity is not equal to requested validity, it just got truncated
-        if data["custom_expiration_date"] != options.get("validity_end"):
+        if data["custom_expiration_date"] != options.get("validity_end").format("YYYY-MM-DD"):
             log_validity_truncation(options, f"{__name__}.{sys._getframe().f_code.co_name}")
     else:
         data["validity_years"] = determine_validity_years(0)
@@ -185,6 +185,7 @@ def map_cis_fields(options, csr):
 
     return data
 
+
 def log_validity_truncation(options, function):
     log_data = {
         "cn": options["common_name"],
@@ -196,6 +197,7 @@ def log_validity_truncation(options, function):
     log_data["message"] = "Digicert Plugin truncated the validity of certificate, cn = {0}".format(options["common_name"])
     current_app.logger.info(log_data)
 
+
 def handle_response(response):
     """
     Handle the DigiCert API response and any errors it might have experienced.

From 09a2a8fc76801c1a04b0ace0265bf31345f58a1c Mon Sep 17 00:00:00 2001
From: sayali <scharhate@netflix.com>
Date: Fri, 11 Sep 2020 15:53:05 -0700
Subject: [PATCH 6/6] Log message change PR comments

---
 lemur/plugins/lemur_digicert/plugin.py                          | 2 +-
 .../app/angular/certificates/certificate/tracking.tpl.html      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index ad4272dc..3948acbb 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -194,7 +194,7 @@ def log_validity_truncation(options, function):
     metrics.send("digicert_validity_truncated", "counter", 1, metric_tags=log_data)
 
     log_data["function"] = function
-    log_data["message"] = "Digicert Plugin truncated the validity of certificate, cn = {0}".format(options["common_name"])
+    log_data["message"] = "Digicert Plugin truncated the validity of certificate"
     current_app.logger.info(log_data)
 
 
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index e024972b..d60a1a6a 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -133,7 +133,7 @@
       </div>
     <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2"
-             uib-tooltip="You can select custom date range, however we recommend continuing with default validity.">
+             uib-tooltip="You can select custom date range; however, we recommend continuing with default validity.">
         Validity Range <span class="glyphicon glyphicon-question-sign"></span>
       </label>
       <div class="col-sm-4">