Bug 1572674
| Summary: | ipa-cacert-manage cannot import PKCS#7 files | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Rob Crittenden <rcritten> | |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.5 | CC: | cheimes, dpal, ndehadra, pasik, pvoborni, rcritten, tscherf | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ipa-4.6.5-1.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1692810 (view as bug list) | Environment: | ||
| Last Closed: | 2019-08-06 13:09:05 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1692810 | |||
|
Description
Rob Crittenden
2018-04-27 14:47:40 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7579 Fixed upstream master: https://pagure.io/freeipa/c/3e8f550c29bb984a87309514d277683bf2e75012 https://pagure.io/freeipa/c/35d1d345c16fe1adb4cda2e0c33b715d85297dae Fixed upstream ipa-4-7: https://pagure.io/freeipa/c/8b0f74961b45d7b2f4cdbccc65d48ce55bc90952 https://pagure.io/freeipa/c/30995f8f16b6b048af19960489477938eadfd471 Fixed upstream ipa-4-6: https://pagure.io/freeipa/c/6bea9b12bfc0e2fa8445f6ab33e8544db0d0b537 https://pagure.io/freeipa/c/5e51c31ad17b01be65e73b160460ad2446ad9f0e ipa-server-4.6.5-9.el7.x86_64 Verified the bug on the basis of following observations: REPRODUCER: --------------------------------------------------------------- [root@vm-idm-004 ~]# rpm -q ipa-server ipa-server-4.6.4-10.el7.x86_64 [root@vm-idm-004 ~]# openssl crl2pkcs7 -nocrl -certfile /etc/ipa/ca.crt -out /tmp/ca.p7b [root@vm-idm-004 ~]# ls -l /tmp/ca.p7b -rw-r--r--. 1 root root 1351 Jun 26 14:11 /tmp/ca.p7b [root@vm-idm-004 ~]# ipa-cacert-manage install /tmp/ca.p7b Installing CA certificate, please wait Not a valid certificate: Unable to load certificate The ipa-cacert-manage command failed. VALIDATION: --------------------------------------------------------------- [root@qe-blade-08 ~]# rpm -q ipa-server ipa-server-4.6.5-9.el7.x86_64 [root@qe-blade-08 ~]# openssl crl2pkcs7 -nocrl -certfile /etc/ipa/ca.crt -out /tmp/ca.p7b [root@qe-blade-08 ~]# ls -l /tmp/ca.p7b rw-rr-. 1 root root 1351 Jun 26 03:43 /tmp/ca.p7b [root@qe-blade-08 ~]# ipa-cacert-manage install /tmp/ca.p7b Installing CA certificate, please wait Verified CN=Certificate Authority,O=TESTRELM.TEST CA certificate successfully installed The ipa-cacert-manage command was successful Thus on the basis of above observations, the issue mentioned in original bug is no more observed, thus marking the status to 'VERIFIED' Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2241 |