| Summary: | IPA admin cert is created with SHA1 signing algorithm, should be SHA256 | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Asha Akkiangady <aakkiang> | |
| Component: | pki-core | Assignee: | Ade Lee <alee> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Asha Akkiangady <aakkiang> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.0 | CC: | alee, cfu, nkinder, nsoman, xdong | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | pki-core-10.0.5-2.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1024461 1024462 | Environment: | |
| Last Closed: | 2014-06-13 12:29:48 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 1024461, 1024462 | |||
Fixed in 10.0.6: 3cdb23de2802cf12a1d5981e8b94b1d1bc0f8e8a
Verified using ipa-server-3.3.3-13.el7.x86_64, pki-core-10.0.5-3.el7
Verified - Admin/agent cert is created with SHA256 signing algorithm.
# cat /etc/pki/pki-tomcat/ca/CS.cfg | grep ca.signing.defaultSigningAlgorithm
ca.signing.defaultSigningAlgorithm=SHA256withRSA
# vim /var/log/pki/pki-tomcat/ca/debug
<..snip..>
[24/Jan/2014:12:46:50][http-bio-8443-exec-3]: Creating local certificate... issuerdn=cn=Certificate Authority,O=TESTRELM.COM
[24/Jan/2014:12:46:50][http-bio-8443-exec-3]: Creating local certificate... dn=cn=ipa-ca-agent,O=TESTRELM.COM
[24/Jan/2014:12:46:50][http-bio-8443-exec-3]: Cert Template: [
Version: V3
Subject: CN=ipa-ca-agent,O=TESTRELM.COM
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: algorithm = RSA, unparsed keybits =
Validity: [From: Fri Jan 24 12:46:50 EST 2014,
To: Fri Jan 24 12:46:50 EST 2014]
Issuer: CN=Certificate Authority,O=TESTRELM.COM
SerialNumber: [ 06]
]
[24/Jan/2014:12:46:50][http-bio-8443-exec-3]: CertUtil: createLocalRequest for serial: 6
<..snip..>
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
Description of problem:
IPA admin cert is created with SHA1 signing algorithm, should be SHA256.
Version-Release number of selected component (if applicable):
pki-ca-10.0.5-1.el7.noarch
How reproducible:
Steps to Reproduce:
1. CS.cfg after the CA install has this:
ca.signing.defaultSigningAlgorithm=SHA256withRSA
2. CA's debug log has this:
[28/Oct/2013:18:10:44][http-bio-8443-exec-3]: Creating local certificate... dn=cn=ipa-ca-agent,O=TESTRELM.COM
[28/Oct/2013:18:10:44][http-bio-8443-exec-3]: Cert Template: [
Version: V3
Subject: CN=ipa-ca-agent,O=TESTRELM.COM
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: algorithm = RSA, unparsed keybits
Validity: [From: Mon Oct 28 18:10:44 EDT 2013,
To: Mon Oct 28 18:10:44 EDT 2013]
Issuer: CN=Certificate Authority,O=TESTRELM.COM
SerialNumber: [ 06]
]
Actual results:
Admin/agent cert created with SHA1 algorithm
Expected results:
Admin/agent cert should be created with SHA256 signing algorithm.
Additional info:
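The comparison made by hand in this report, between ca.signing.defaultSigningAlgorithm in CS.cfg and the Signature Algorithm of each Cert Template block in the CA debug log, can be scripted. The Python below is an added example, not part of the bug report or of pki-core; the function names are hypothetical and the sample inputs are abridged from the excerpts quoted in this report.

```python
import re

# Sample inputs abridged from the excerpts quoted in this report (constructed).
SAMPLE_CS_CFG = "ca.signing.defaultSigningAlgorithm=SHA256withRSA\n"
SAMPLE_DEBUG_LOG = """\
[28/Oct/2013:18:10:44][http-bio-8443-exec-3]: Cert Template: [
Subject: CN=ipa-ca-agent,O=TESTRELM.COM
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
SerialNumber: [ 06]
]
[24/Jan/2014:12:46:50][http-bio-8443-exec-3]: Cert Template: [
Subject: CN=ipa-ca-agent,O=TESTRELM.COM
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
SerialNumber: [ 06]
]
"""
TEMPLATE_START = re.compile(r"\[([^\]]+)\]\[[^\]]*\]: Cert Template: \[")

def configured_algorithm(cs_cfg_text):
    """Return ca.signing.defaultSigningAlgorithm from CS.cfg text."""
    for line in cs_cfg_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ca.signing.defaultSigningAlgorithm":
            return value.strip()
    raise ValueError("ca.signing.defaultSigningAlgorithm not set")

def cert_templates(debug_log_text):
    """Yield (timestamp, subject, algorithm) per 'Cert Template: [' block."""
    current = None
    for line in debug_log_text.splitlines():
        start = TEMPLATE_START.match(line)
        field, _, value = line.strip().partition(":")
        if start:
            current = {"time": start.group(1)}
        elif current is not None and field in ("Subject", "Signature Algorithm"):
            current[field] = value.split(", OID")[0].strip()
        elif current is not None and line.strip() == "]":  # end of the block
            yield (current["time"], current.get("Subject"),
                   current.get("Signature Algorithm"))
            current = None

def mismatches(cs_cfg_text, debug_log_text):
    """Return templates not signed with the configured default algorithm."""
    expected = configured_algorithm(cs_cfg_text)
    return [t for t in cert_templates(debug_log_text) if t[2] != expected]

if __name__ == "__main__":
    for when, subject, alg in mismatches(SAMPLE_CS_CFG, SAMPLE_DEBUG_LOG):
        print(f"{when} {subject}: signed with {alg}")
```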