Bug 1112605
Summary: | [RFE] Add support for SubjectAltNames (SAN) to IPA service certificates | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | dpal, ekeck, martin, mkosek, rcritten, spoore |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 10:12:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Kosek
2014-06-24 10:15:56 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/e675e427c713e41a5384d329bf453a998a70bb13 https://fedorahosted.org/freeipa/changeset/d6fb110b77e2c585f0bfc5eb11b0187a43263fa1 https://fedorahosted.org/freeipa/changeset/8b8774d138348ab4b938f98dc106ea983e261262 Upstream ticket: https://fedorahosted.org/freeipa/ticket/4540 Ticket 4540 fixed upstream, better error message provided: Fixed upstream master: https://fedorahosted.org/freeipa/changeset/8e602eaf46b71ad8f713f549d6a823c70567bb22 ipa-4-1: https://fedorahosted.org/freeipa/changeset/ed5ffbfd75f3f1a62581c50a2c64d9e75fc74081 ipa-4-0: https://fedorahosted.org/freeipa/changeset/80da03a2169de3a78edec42c1eab1f87734f49a7 Verified. Version :: ipa-server-4.1.0-16.el7.x86_64 Results :: Test as admin: [root@rhel7-1 ~]# ipa host-add test101.example.com --ip-address=192.168.122.101 -------------------------------- Added host "test101.example.com" -------------------------------- Host name: test101.example.com Principal name: host/test101.example.com Password: False Keytab: False Managed by: test101.example.com [root@rhel7-1 ~]# ipa service-add HTTP/test101.example.com ---------------------------------------------------- Added service "HTTP/test101.example.com" ---------------------------------------------------- Principal: HTTP/test101.example.com Managed by: test101.example.com [root@rhel7-1 ~]# ipa dnsrecord-add example.com test1 --a-rec=192.168.122.101 Record name: test1 A record: 192.168.122.101 [root@rhel7-1 ~]# ipa host-add test1.example.com --force ------------------------------ Added host "test1.example.com" ------------------------------ Host name: test1.example.com Principal name: host/test1.example.com Password: False Keytab: False Managed by: test1.example.com [root@rhel7-1 ~]# ipa service-add-host --hosts=$(hostname) HTTP/test101.example.com Principal: HTTP/test101.example.com Managed by: test101.example.com, rhel7-1.example.com ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# ipa service-add HTTP/test1.example.com -------------------------------------------------- Added service "HTTP/test1.example.com" -------------------------------------------------- Principal: HTTP/test1.example.com Managed by: test1.example.com [root@rhel7-1 ~]# ipa service-add-host --hosts=$(hostname) HTTP/test1.example.com Principal: HTTP/test1.example.com Managed by: test1.example.com, rhel7-1.example.com ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# mkdir -p /tmp/mycerts [root@rhel7-1 ~]# semanage fcontext -a -t cert_t "/tmp/mycerts(/.*)?" [root@rhel7-1 ~]# restorecon -FvvR /tmp/mycerts/ restorecon reset /tmp/mycerts context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:cert_t:s0 [root@rhel7-1 ~]# touch /tmp/mycerts/test101.crt [root@rhel7-1 ~]# openssl genpkey -algorithm RSA -out /tmp/mycerts/test101.key ...........++++++ .........++++++ [root@rhel7-1 ~]# ipa-getcert request \ > -k /tmp/mycerts/test101.key \ > -f /tmp/mycerts/test101.crt \ > -N "cn=test101.example.com" \ > -D "test101.example.com" \ > -D "test1.example.com" \ > -K HTTP/test101.example.com New signing request "20150126173620" added. [root@rhel7-1 ~]# openssl x509 -in /tmp/mycerts/test101.crt -text Certificate: Data: Version: 3 (0x2) Serial Number: 11 (0xb) Signature Algorithm: sha256WithRSAEncryption Issuer: O=EXAMPLE.COM, CN=Certificate Authority Validity Not Before: Jan 26 17:36:21 2015 GMT Not After : Jan 26 17:36:21 2017 GMT Subject: O=EXAMPLE.COM, CN=test101.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: ...trunc... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:7A:A3:45:B8:67:72:97:28:9D:54:87:6A:07:F2:E6:56:EB:68:D0:0C Authority Information Access: OCSP - URI:http://ipa-ca.example.com/ca/ocsp X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://ipa-ca.example.com/ipa/crl/MasterCRL.bin CRL Issuer: DirName: O = ipaca, CN = Certificate Authority X509v3 Subject Key Identifier: 5F:68:93:2D:A1:FF:4F:DC:A7:A9:F3:C6:BD:30:F3:C1:AE:06:84:75 X509v3 Subject Alternative Name: DNS:test101.example.com, DNS:test1.example.com, othername:<unsupported>, othername:<unsupported> ....trunc.... ### So I can see the SANs above. Now to test with a non-admin user: [root@rhel7-1 ~]# ipa host-add test102.example.com --ip-address=192.168.122.102 -------------------------------- Added host "test102.example.com" -------------------------------- Host name: test102.example.com Principal name: host/test102.example.com Password: False Keytab: False Managed by: test102.example.com [root@rhel7-1 ~]# ipa dnsrecord-add example.com test2 --a-rec=192.168.122.102 Record name: test2 A record: 192.168.122.102 [root@rhel7-1 ~]# ipa host-add test2.example.com ------------------------------ Added host "test2.example.com" ------------------------------ Host name: test2.example.com Principal name: host/test2.example.com Password: False Keytab: False Managed by: test2.example.com [root@rhel7-1 ~]# ipa service-add HTTP/test2.example.com -------------------------------------------------- Added service "HTTP/test2.example.com" -------------------------------------------------- Principal: HTTP/test2.example.com Managed by: test2.example.com [root@rhel7-1 ~]# ipa service-add-host --hosts=$(hostname) HTTP/test2.example.com Principal: HTTP/test2.example.com Managed by: test2.example.com, rhel7-1.example.com ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# ipa service-add HTTP/test102.example.com ---------------------------------------------------- Added service "HTTP/test102.example.com" ---------------------------------------------------- Principal: HTTP/test102.example.com Managed by: test102.example.com [root@rhel7-1 ~]# ipa service-add-host --hosts=$(hostname) HTTP/test102.example.com Principal: HTTP/test102.example.com Managed by: test102.example.com, rhel7-1.example.com ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# echo redhat|ipa user-add user102 --first=f --last=l --password -------------------- Added user "user102" -------------------- User login: user102 First name: f Last name: l Full name: f l Display name: f l Initials: fl Home directory: /home/user102 GECOS: f l Login shell: /bin/sh Kerberos principal: user102 Email address: user102 UID: 647600001 GID: 647600001 Password: True Member of groups: ipausers Kerberos keys available: True [root@rhel7-1 ~]# echo -e "redhat\nSecret123\nSecret123\n"| kinit user102 Password for user102: Password expired. You must change it now. Enter new password: Enter it again: [root@rhel7-1 ~]# kdestroy -A [root@rhel7-1 ~]# echo Secret123|kinit admin Password for admin: [root@rhel7-1 ~]# ipa role-add --desc="Cert Admins" crtadmin --------------------- Added role "crtadmin" --------------------- Role name: crtadmin Description: Cert Admins [root@rhel7-1 ~]# ipa role-add-privilege --privileges="Certificate Administrators" crtadmin Role name: crtadmin Description: Cert Admins Privileges: Certificate Administrators ---------------------------- Number of privileges added 1 ---------------------------- [root@rhel7-1 ~]# ipa role-add-member --users=user102 crtadmin Role name: crtadmin Description: Cert Admins Member users: user102 Privileges: Certificate Administrators ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# ipa role-add --desc="Service Admins" svcadmin --------------------- Added role "svcadmin" --------------------- Role name: svcadmin Description: Service Admins [root@rhel7-1 ~]# ipa role-add-privilege --privileges="Service Administrators" svcadmin Role name: svcadmin Description: Service Admins Privileges: Service Administrators ---------------------------- Number of privileges added 1 ---------------------------- [root@rhel7-1 ~]# ipa role-add-member --users=user102 svcadmin Role name: svcadmin Description: Service Admins Member users: user102 Privileges: Service Administrators ------------------------- Number of members added 1 ------------------------- [root@rhel7-1 ~]# authconfig --enablemkhomedir --update [root@rhel7-1 ~]# ssh user102@$(hostname) user102.com's password: Creating home directory for user102. -sh-4.2$ cat > san.cnf <<EOF > [req] > default_bits = 2048 > distinguished_name = req_distinguished_name > req_extensions = v3_req > prompt = no > encrypt_key = no > > [req_distinguished_name] > countryName = US > stateOrProvinceName = Illinois > localityName = Chicago > 0.organizationName = RedHat > organizationalUnitName = QE > commonName = test102.example.com > emailAddress = root > > [ v3_req ] > subjectAltName = @alt_names > > [alt_names] > DNS.1 = test102.example.com > DNS.2 = test2.example.com > EOF -sh-4.2$ openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key -config san.cnf Generating a 2048 bit RSA private key ................+++ ............................+++ writing new private key to 'server.key' ----- -sh-4.2$ ipa cert-request server.csr --principal=HTTP/test102.example.com Certificate: MIIERDCCAyygAwIBAgIBCzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFNUExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1MDEyNjE3NTE1M1oXDTE3MDEyNjE3NTE1M1owNDEUMBIGA1UECgwLRVhBTVBMRS5DT00xHDAaBgNVBAMME3Rlc3QxMDIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLngisJX+eS9SoTlYq8ZW9ep1NEPuitoZMp3ng3raqN1ZtIJYTE3OxyKGc+oeW6PGl8Rjk1EY0mpxQdVg2tFw9+zoALl/HNIc9TUjfq6mgP1Y3ynrztcoNbgkbP5R8X3FOX/iumBtbO5ZLR+3FWcadIwjxDyehgXV2oowvIsDirxn7mILt64Vreasm8v4siKVH3nFjhGR/ZDdzHZiMRSyMswoYj2Reb841eLFhjXtFTQC4r8gjOx8dNxMyQw94B5y1xr4siKEjIrG/qmKXZX8oc1E11zQId12ilbaFDiFPpEYYqfbFIS41OGIju+gdCs0iDAFxzG/6i4kpPN5S+MQVAgMBAAGjggFdMIIBWTAfBgNVHSMEGDAWgBR6o0W4Z3KXKJ1Uh2oH8uZW62jQDDA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHYGA1UdHwRvMG0wa6AzoDGGL2h0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQxOZurqS/wUbEzfjVgPonJ2fafXjAxBgNVHREEKjAoghN0ZXN0MTAyLmV4YW1wbGUuY29tghF0ZXN0Mi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAh9bXHpCJGaETgncBsGmYP0w5O/59ZIgV53LBLk7VazZBiP6e7DkvuZgFPmKZmBlWUq9lhByvKSI0l6gXRrRgsUoMX5lNlVWyZayObE7ozF+JIJacmdr073cKy5F5HzaprvOkeRi9tSnKJnv6bvbKNkpsOUKNr6b5HOzvMM0AEKXEmDrj9PNaO84FEnocw2Kh/R27QQEy/oSbL9iqC0R5oaY/f5wFto7HFfvBFNmM0e6FL7KoDlgN5/DF3BYooiMY+4x5rnitK26wkKq7oBwBh0+VTbEGwYorFjvGuVkDmRh64IWPkPItzFW2zPyLGJd+EbMMCJXnBEZqqpkAl0g7Kg== Subject: CN=test102.example.com,O=EXAMPLE.COM Issuer: CN=Certificate Authority,O=EXAMPLE.COM Not Before: Mon Jan 26 17:51:53 2015 UTC Not After: Thu Jan 26 17:51:53 2017 UTC Fingerprint (MD5): 55:f7:91:be:30:ac:0d:7f:be:fa:9f:5c:80:80:0f:00 Fingerprint (SHA1): 4c:75:c6:e7:68:28:fa:98:b5:d4:78:71:96:3e:51:48:74:a2:b1:7a Serial number: 11 Serial number (hex): 0xB -sh-4.2$ ipa cert-show 11 --out=mycert.crt Certificate: MIIERDCCAyygAwIBAgIBCzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFN UExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1MDEy NjE3NTE1M1oXDTE3MDEyNjE3NTE1M1owNDEUMBIGA1UECgwLRVhBTVBMRS5DT00x HDAaBgNVBAMME3Rlc3QxMDIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDLngisJX+eS9SoTlYq8ZW9ep1NEPuitoZMp3ng3raqN1Zt IJYTE3OxyKGc+oeW6PGl8Rjk1EY0mpxQdVg2tFw9+zoALl/HNIc9TUjfq6mgP1Y3 ynrztcoNbgkbP5R8X3FOX/iumBtbO5ZLR+3FWcadIwjxDyehgXV2oowvIsDirxn7 mILt64Vreasm8v4siKVH3nFjhGR/ZDdzHZiMRSyMswoYj2Reb841eLFhjXtFTQC4 r8gjOx8dNxMyQw94B5y1xr4siKEjIrG/qmKXZX8oc1E11zQId12ilbaFDiFPpEYY qfbFIS41OGIju+gdCs0iDAFxzG/6i4kpPN5S+MQVAgMBAAGjggFdMIIBWTAfBgNV HSMEGDAWgBR6o0W4Z3KXKJ1Uh2oH8uZW62jQDDA9BggrBgEFBQcBAQQxMC8wLQYI KwYBBQUHMAGGIWh0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vY2Evb2NzcDAOBgNV HQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHYGA1Ud HwRvMG0wa6AzoDGGL2h0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vaXBhL2NybC9N YXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQxOZurqS/wUbEzfjVgPonJ2faf XjAxBgNVHREEKjAoghN0ZXN0MTAyLmV4YW1wbGUuY29tghF0ZXN0Mi5leGFtcGxl LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAh9bXHpCJGaETgncBsGmYP0w5O/59ZIgV 53LBLk7VazZBiP6e7DkvuZgFPmKZmBlWUq9lhByvKSI0l6gXRrRgsUoMX5lNlVWy ZayObE7ozF+JIJacmdr073cKy5F5HzaprvOkeRi9tSnKJnv6bvbKNkpsOUKNr6b5 HOzvMM0AEKXEmDrj9PNaO84FEnocw2Kh/R27QQEy/oSbL9iqC0R5oaY/f5wFto7H FfvBFNmM0e6FL7KoDlgN5/DF3BYooiMY+4x5rnitK26wkKq7oBwBh0+VTbEGwYor FjvGuVkDmRh64IWPkPItzFW2zPyLGJd+EbMMCJXnBEZqqpkAl0g7Kg== Subject: CN=test102.example.com,O=EXAMPLE.COM Issuer: CN=Certificate Authority,O=EXAMPLE.COM Not Before: Mon Jan 26 17:51:53 2015 UTC Not After: Thu Jan 26 17:51:53 2017 UTC Fingerprint (MD5): 55:f7:91:be:30:ac:0d:7f:be:fa:9f:5c:80:80:0f:00 Fingerprint (SHA1): 4c:75:c6:e7:68:28:fa:98:b5:d4:78:71:96:3e:51:48:74:a2:b1:7a Serial number (hex): 0xB Serial number: 11 -sh-4.2$ openssl x509 -in mycert.crt -text Certificate: Data: Version: 3 (0x2) Serial Number: 11 (0xb) Signature Algorithm: sha256WithRSAEncryption Issuer: O=EXAMPLE.COM, CN=Certificate Authority Validity Not Before: Jan 26 17:51:53 2015 GMT Not After : Jan 26 17:51:53 2017 GMT Subject: O=EXAMPLE.COM, CN=test102.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:cb:9e:08:ac:25:7f:9e:4b:d4:a8:4e:56:2a:f1: 95:bd:7a:9d:4d:10:fb:a2:b6:86:4c:a7:79:e0:de: b6:aa:37:56:6d:20:96:13:13:73:b1:c8:a1:9c:fa: 87:96:e8:f1:a5:f1:18:e4:d4:46:34:9a:9c:50:75: 58:36:b4:5c:3d:fb:3a:00:2e:5f:c7:34:87:3d:4d: 48:df:ab:a9:a0:3f:56:37:ca:7a:f3:b5:ca:0d:6e: 09:1b:3f:94:7c:5f:71:4e:5f:f8:ae:98:1b:5b:3b: 96:4b:47:ed:c5:59:c6:9d:23:08:f1:0f:27:a1:81: 75:76:a2:8c:2f:22:c0:e2:af:19:fb:98:82:ed:eb: 85:6b:79:ab:26:f2:fe:2c:88:a5:47:de:71:63:84: 64:7f:64:37:73:1d:98:8c:45:2c:8c:b3:0a:18:8f: 64:5e:6f:ce:35:78:b1:61:8d:7b:45:4d:00:b8:af: c8:23:3b:1f:1d:37:13:32:43:0f:78:07:9c:b5:c6: be:2c:88:a1:23:22:b1:bf:aa:62:97:65:7f:28:73: 51:35:d7:34:08:77:5d:a2:95:b6:85:0e:21:4f:a4: 46:18:a9:f6:c5:21:2e:35:38:62:23:bb:e8:1d:0a: cd:22:0c:01:71:cc:6f:fa:8b:89:29:3c:de:52:f8: c4:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:7A:A3:45:B8:67:72:97:28:9D:54:87:6A:07:F2:E6:56:EB:68:D0:0C Authority Information Access: OCSP - URI:http://ipa-ca.example.com/ca/ocsp X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://ipa-ca.example.com/ipa/crl/MasterCRL.bin CRL Issuer: DirName: O = ipaca, CN = Certificate Authority X509v3 Subject Key Identifier: 31:39:9B:AB:A9:2F:F0:51:B1:33:7E:35:60:3E:89:C9:D9:F6:9F:5E X509v3 Subject Alternative Name: DNS:test102.example.com, DNS:test2.example.com Signature Algorithm: sha256WithRSAEncryption 87:d6:d7:1e:90:89:19:a1:13:82:77:01:b0:69:98:3f:4c:39: 3b:fe:7d:64:88:15:e7:72:c1:2e:4e:d5:6b:36:41:88:fe:9e: ec:39:2f:b9:98:05:3e:62:99:98:19:56:52:af:65:84:1c:af: 29:22:34:97:a8:17:46:b4:60:b1:4a:0c:5f:99:4d:95:55:b2: 65:ac:8e:6c:4e:e8:cc:5f:89:20:96:9c:99:da:f4:ef:77:0a: cb:91:79:1f:36:a9:ae:f3:a4:79:18:bd:b5:29:ca:26:7b:fa: 6e:f6:ca:36:4a:6c:39:42:8d:af:a6:f9:1c:ec:ef:30:cd:00: 10:a5:c4:98:3a:e3:f4:f3:5a:3b:ce:05:12:7a:1c:c3:62:a1: fd:1d:bb:41:01:32:fe:84:9b:2f:d8:aa:0b:44:79:a1:a6:3f: 7f:9c:05:b6:8e:c7:15:fb:c1:14:d9:8c:d1:ee:85:2f:b2:a8: 0e:58:0d:e7:f0:c5:dc:16:28:a2:23:18:fb:8c:79:ae:78:ad: 2b:6e:b0:90:aa:bb:a0:1c:01:87:4f:95:4d:b1:06:c1:8a:2b: 16:3b:c6:b9:59:03:99:18:7a:e0:85:8f:90:f2:2d:cc:55:b6: cc:fc:8b:18:97:7e:11:b3:0c:08:95:e7:04:46:6a:aa:99:00: 97:48:3b:2a -----BEGIN CERTIFICATE----- MIIERDCCAyygAwIBAgIBCzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFN UExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1MDEy NjE3NTE1M1oXDTE3MDEyNjE3NTE1M1owNDEUMBIGA1UECgwLRVhBTVBMRS5DT00x HDAaBgNVBAMME3Rlc3QxMDIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDLngisJX+eS9SoTlYq8ZW9ep1NEPuitoZMp3ng3raqN1Zt IJYTE3OxyKGc+oeW6PGl8Rjk1EY0mpxQdVg2tFw9+zoALl/HNIc9TUjfq6mgP1Y3 ynrztcoNbgkbP5R8X3FOX/iumBtbO5ZLR+3FWcadIwjxDyehgXV2oowvIsDirxn7 mILt64Vreasm8v4siKVH3nFjhGR/ZDdzHZiMRSyMswoYj2Reb841eLFhjXtFTQC4 r8gjOx8dNxMyQw94B5y1xr4siKEjIrG/qmKXZX8oc1E11zQId12ilbaFDiFPpEYY qfbFIS41OGIju+gdCs0iDAFxzG/6i4kpPN5S+MQVAgMBAAGjggFdMIIBWTAfBgNV HSMEGDAWgBR6o0W4Z3KXKJ1Uh2oH8uZW62jQDDA9BggrBgEFBQcBAQQxMC8wLQYI KwYBBQUHMAGGIWh0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vY2Evb2NzcDAOBgNV HQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHYGA1Ud HwRvMG0wa6AzoDGGL2h0dHA6Ly9pcGEtY2EuZXhhbXBsZS5jb20vaXBhL2NybC9N YXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQxOZurqS/wUbEzfjVgPonJ2faf XjAxBgNVHREEKjAoghN0ZXN0MTAyLmV4YW1wbGUuY29tghF0ZXN0Mi5leGFtcGxl LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAh9bXHpCJGaETgncBsGmYP0w5O/59ZIgV 53LBLk7VazZBiP6e7DkvuZgFPmKZmBlWUq9lhByvKSI0l6gXRrRgsUoMX5lNlVWy ZayObE7ozF+JIJacmdr073cKy5F5HzaprvOkeRi9tSnKJnv6bvbKNkpsOUKNr6b5 HOzvMM0AEKXEmDrj9PNaO84FEnocw2Kh/R27QQEy/oSbL9iqC0R5oaY/f5wFto7H FfvBFNmM0e6FL7KoDlgN5/DF3BYooiMY+4x5rnitK26wkKq7oBwBh0+VTbEGwYor FjvGuVkDmRh64IWPkPItzFW2zPyLGJd+EbMMCJXnBEZqqpkAl0g7Kg== -----END CERTIFICATE----- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |