Back to bug 1389348
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Petr Vobornik | 2016-10-27 14:13:24 UTC | Status | NEW | POST |
| Jan Cholasta | 2016-10-31 07:31:57 UTC | Status | POST | MODIFIED |
| Fixed In Version | ipa-4.4.0-13.el7 | |||
| errata-xmlrpc | 2016-10-31 07:32:59 UTC | Status | MODIFIED | ON_QA |
| Tomasz Torcz | 2016-10-31 17:06:42 UTC | CC | tomek | |
| Jan Cholasta | 2016-11-01 16:51:55 UTC | Fixed In Version | ipa-4.4.0-13.el7 | ipa-4.4.0-13.el7_3 |
| Marc Muehlfeld | 2016-11-04 14:38:54 UTC | CC | mmuehlfe | |
| Flags | needinfo?(jcholast) | |||
| Jan Cholasta | 2016-11-07 06:50:40 UTC | Doc Text | Cause: When installing a 3rd party service certificate using ipa-server-certinstall it was not verified that the certificate was issued by a CA known to IPA. Consequence: It was possible to install a service certificate issued by an uknown CA, rendering the service unable to start and/or function properly. Fix: Verify that the service certificate being installed with ipa-server-certinstall was issued by a CA known to IPA. Result: It is no longer possible to install a service certificate issued by an unknown CA and thus break the service using ipa-server-certinstall. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Flags | needinfo?(jcholast) | |||
| Abhijeet Kasurde | 2016-11-07 12:38:37 UTC | CC | akasurde | |
| Flags | needinfo?(jcholast) | |||
| Jan Cholasta | 2016-11-09 15:44:01 UTC | Flags | needinfo?(jcholast) | |
| Abhijeet Kasurde | 2016-11-10 09:29:49 UTC | Status | ON_QA | VERIFIED |
| Marc Muehlfeld | 2016-11-11 14:34:33 UTC | Docs Contact | mmuehlfe | |
| Marc Muehlfeld | 2016-11-16 06:51:07 UTC | Doc Text | Cause: When installing a 3rd party service certificate using ipa-server-certinstall it was not verified that the certificate was issued by a CA known to IPA. Consequence: It was possible to install a service certificate issued by an uknown CA, rendering the service unable to start and/or function properly. Fix: Verify that the service certificate being installed with ipa-server-certinstall was issued by a CA known to IPA. Result: It is no longer possible to install a service certificate issued by an unknown CA and thus break the service using ipa-server-certinstall. | Previously, when installing a third-party service certificate, the ipa-server-certinstall utility did not verify if the certificate was issued by a certificate authority (CA) known to Identity Management (IdM). Consequently, certificates issued by an unknown CA could be installed, and services using these certificates failed to start or worked incorrectly. A patch has been applied and as a result, the ipa-server-certinstall utility now verifies if the certificate to be installed has been issued by a CA known to IdM. |
| Flags | needinfo?(jcholast) | |||
| Martin Bašti | 2016-11-16 11:33:28 UTC | CC | mbasti | |
| Flags | needinfo?(jcholast) | |||
| errata-xmlrpc | 2016-12-06 00:22:22 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-12-06 17:02:46 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-06 12:02:46 UTC |
Back to bug 1389348