Bug 1356104
Summary: | cert-show command does not display Subject Alternative Names | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Xiyang Dong <xdong> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | ftweedal, ipa-maint, jcholast, ksiddiqu, pvoborni, rcritten, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.0-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 09:37:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Vobornik
2016-07-13 12:12:48 UTC
master: https://fedorahosted.org/freeipa/changeset/0245d2aadf8b38ba68aeacf70761bd09ad927951 https://fedorahosted.org/freeipa/changeset/dae82b25bdfbec44e5db27a6fc353a46739ed8f5 https://fedorahosted.org/freeipa/changeset/e3acc3659c6349a0de837f9441c6324055d9a100 https://fedorahosted.org/freeipa/changeset/a381d888cd6effc480c373f19f6a0ecbf00c4182 https://fedorahosted.org/freeipa/changeset/48aaf2bbf5df6dcedaa466753c8fafb478cb31b2 master: b6a3c9dc74ccef6f8e7df4123670d7e11269198c cert-show: show validity in default output ipa-4-4: 0d8f8896db8ad3a1c91cacfb009640602552f55f cert-show: show validity in default output Was fixed with 4.5 rebase. on ipa-server-4.5.0-9.el7 , Subject Other Name is still not showing in default cert-show output , only showing with --all option: # ipa cert-show 9 Issuing CA: ipa Certificate: (omitted) Subject: CN=ibm-x3650m4-01-vm-11.testrelm.test,O=TESTRELM.TEST Subject DNS name: ibm-x3650m4-01-vm-11.testrelm.test Subject UPN: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Subject Kerberos principal name: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Issuer: CN=Certificate Authority,O=TESTRELM.TEST Not Before: Thu May 25 14:26:58 2017 UTC Not After: Sun May 26 14:26:58 2019 UTC Serial number: 9 Serial number (hex): 0x9 Revoked: False Owner service: HTTP/ibm-x3650m4-01-vm-11.testrelm.test # ipa cert-show 9 --all Issuing CA: ipa Certificate: (omitted) Subject: CN=ibm-x3650m4-01-vm-11.testrelm.test,O=TESTRELM.TEST Subject DNS name: ibm-x3650m4-01-vm-11.testrelm.test Subject UPN: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Subject Kerberos principal name: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Subject Other Name: 1.3.6.1.4.1.311.20.2.3:DDVIVFRQL2libS14MzY1MG00LTAxLXZtLTExLnRlc3RyZWxtLnRlc3RAVEVTVFJFTE0uVEVTVA==, 1.3.6.1.5.2.2:MEigDxsNVEVTVFJFTE0uVEVTVKE1MDOgAwIBAaEsMCobBEhUVFAbImlibS14MzY1MG00LTAxLXZtLTExLnRlc3RyZWxtLnRlc3Q= Issuer: CN=Certificate Authority,O=TESTRELM.TEST Not Before: Thu May 25 14:26:58 2017 UTC Not After: Sun May 26 14:26:58 2019 UTC Fingerprint (SHA1): 85:ad:61:e0:86:67:f4:0b:f3:02:08:7e:4c:29:16:9f:9b:6a:ad:04 Fingerprint (SHA256): 26:d2:57:06:15:fa:1a:25:55:c7:e5:92:7b:33:48:a4:b3:93:ce:11:f8:2b:d2:76:ee:3d:4a:0b:00:c5:51:a3 Serial number: 9 Serial number (hex): 0x9 Revoked: False Owner service: HTTP/ibm-x3650m4-01-vm-11.testrelm.test SANs are there, but they don't contain "SAN" in label, look into this commit what the labels they can have: https://pagure.io/freeipa/c/48aaf2bbf5df6dcedaa466753c8fafb478cb31b2 Hello Fraser, I saw that you own the commit ,could you please add "SAN" in label ? Thanks Xiyang, it is implicit that it is an alternative name. The "S" in "SAN" is for "Subject" after all. Furthermore, "SAN" is not an official abbreviation. Thanks Fraser. Verified on ipa-server-4.5.0-9.el7, validity is shown in default output: # ipa cert-show 9 Issuing CA: ipa Certificate: (omitted) Subject: CN=ibm-x3650m4-01-vm-11.testrelm.test,O=TESTRELM.TEST Subject DNS name: ibm-x3650m4-01-vm-11.testrelm.test Subject UPN: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Subject Kerberos principal name: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Issuer: CN=Certificate Authority,O=TESTRELM.TEST Not Before: Thu May 25 14:26:58 2017 UTC Not After: Sun May 26 14:26:58 2019 UTC Serial number: 9 Serial number (hex): 0x9 Revoked: False Owner service: HTTP/ibm-x3650m4-01-vm-11.testrelm.test Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |