Bug 1586268
| Summary: | [RFE] Red Hat Identity Manager IP SANs | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Matt Bagnara <mbagnara> |
| Component: | ipa | Assignee: | Fraser Tweedale <ftweedal> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | unspecified | ||
| Version: | 7.5 | CC: | asimonel, batkisso, dpal, frenaud, ftweedal, ksiddiqu, ndehadra, pasik, pvoborni, rcritten, sputhenp, tscherf |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.6.5-1.el7 | Doc Type: | Enhancement |
| Doc Text: |
.IdM now supports IP addresses in the SAN extension of certificates
In certain situations, administrators need to issue certificates with an IP address in the Subject Alternative Name (SAN) extension. This update adds this feature. As a result, administrators can set an IP address in the SAN extension if the address is managed in the IdM DNS service and associated with the subject host or service principal.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-06 13:09:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matt Bagnara
2018-06-05 20:19:55 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7451 Can we have this considered for RHEL 7.7? Related blog post: https://frasertweedale.github.io/blog-redhat/posts/2019-02-18-freeipa-san-ip.html Fixed upstream master: https://pagure.io/freeipa/c/dccb2e0eb8953e449dadc344aaa7cd0d173b9717 https://pagure.io/freeipa/c/8ec4868a64a193917ee2c424ba5fdbf17f14b4ad https://pagure.io/freeipa/c/eb70e64c0b0cd867dc0d771a3a145e5549012f92 https://pagure.io/freeipa/c/9c750f0738ccc81004ced8cd1c816e48be539f8b https://pagure.io/freeipa/c/e37c025dac7c89aa59de98d66a443d49f6009de5 https://pagure.io/freeipa/c/474a2e6952e15fe3bf1bbf16853ecdc157355b0b https://pagure.io/freeipa/c/a65c12d042e480ac5ff1c327feb94221c4b76782 ACKs are appearing so here are the backport PRs: ipa-4-7 https://github.com/freeipa/freeipa/pull/2882 ipa-4-6 https://github.com/freeipa/freeipa/pull/2883 ipa-4-6:
5aa8b7a50fdf979ffb2894c1da2c06536c433fee Allow issuing certificates with IP addresses in subjectAltName
dd93dd1aa7dfe2a75821bad264a1fbaae935415e cert-request: restrict IPAddress SAN to host/service principals
42c69a05ee4bf431e5c9783b32a9ef49bd14037a cert-request: collect only qualified DNS names for IPAddress validation
ed3ef2042e5e048dc9b7f630bc4393a69f1e3dea cert-request: generalise _san_dnsname_ips for arbitrary cname depth
6e5c2d996f148267ef74daadea71d4f5c2701312 cert-request: report all unmatched SAN IP addresses
0295908c9ac6c2bbb95c133f2dc38def78645284 Add tests for cert-request IP address SAN support
1a78844dbdc147b8b85ef3821d055fa2b696ef0c cert-request: more specific errors in IP address validation
94ecaaa4b6651d387a642c3ef07b21f47408347d cert-request: handle missing zone
cbb972998b2ab7692764b49f578cc106920aa76e cert-request: fix py2 unicode/str issues
ipa-server-version : ipa-4.6.5-7.el7 All the Tests for the RFE passed successfully. Thus marking the status of bug to Verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2241 |