Bug 67667

Summary: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
Product: Tomcat 9 Reporter: Michael Osipov <michaelo>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal CC: michaelo
Priority: P2    
Version: 9.0.81   
Target Milestone: -----   
Hardware: All   
OS: All   

Description Michael Osipov 2023-10-10 18:48:17 UTC
Output: 10-Oct-2023 19:52:21.881 WARNUNG [Catalina-utility-2] org.apache.catalina.security.TLSCertificateReloadListener.checkCertificatesForRenewal [Connector["https-openssl-apr-30002"]], TLS virtual host [_default_] with name [CN=localhost,OU=IN IT IN,O=Siemens,L=Berlin,ST=Berlin,C=DE] that expires on [10/15/23 7:20 PM] is overdue for renewal

This date isn't readable for international audience and an insult to the developer's/admin's eye.

The easiest solution is to do "expiringCertificate.getNotAfter().toInstant()", but Tomcat 8.5 runs on 7 only, alternatively, we use SimpleDateFormat/ConcurrentDateFormat with "yyyy-MM-dd'T'HH:mm:ssXXX".

Readable output:
10-Oct-2023 20:45:01.472 WARNUNG [Catalina-utility-1] org.apache.catalina.security.TLSCertificateReloadListener.checkCertificatesForRenewal [Connector["https-openssl-apr-30002"]], TLS virtual host [_default_] with name [CN=localhost, OU=IN IT IN, O=Siemens, L=Berlin, ST=Berlin, C=DE] that expires on [2023-10-15T17:20:55Z] is overdue for renewal

If no one objects, I'd commit and push the SDF to all branches.
Comment 1 Michael Osipov 2023-10-12 10:17:28 UTC
Fixed in:
- main for 11.0.0-M13 and onwards
- 10.1.x for 10.1.16 and onwards
- 9.0.x  for 9.0.83 and onwards
- 8.5.x for 8.5.96 and onwards