Bug 1659506
| Summary: | 'katello-certs-check' should display a warning messages if server.crt contains CN=shortname | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Amar Huchchanavar <ahuchcha> |
| Component: | Certificates | Assignee: | Chris Roberts <chrobert> |
| Status: | CLOSED ERRATA | QA Contact: | Omkar Khatavkar <okhatavk> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4.0 | CC: | bkearney, chrobert, egolov, ehelms |
| Target Milestone: | 6.9.0 | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | foreman-installer-2.3.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-04-21 13:11:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you. Created redmine issue https://projects.theforeman.org/issues/31326 from this bug Upstream bug assigned to chrobert Upstream bug assigned to chrobert Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/31326 has been resolved. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1313 |
Description of problem: 'katello-certs-check' succeeds if the server cert has CN=shortname. We recommend Satellite configuration with FQDN and if customer tries to configure custom certs with short-name it creates lot of issues. Version-Release number of selected component (if applicable): Satellite 6 All versions. How reproducible: Always Steps to Reproduce: 1.Gnerate/get certs with satellite's shortname. 2.Perfrom katello-certs-check. Actual results: It succeeds. Expected results: It should display a warining message. or It should fail. Additional info: >/usr/sbin/katello-certs-check ~~~~ function check-ca-bundle () { printf "Checking CA bundle against the certificate file: " CHECK=$(openssl verify -CAfile $CA_BUNDLE_FILE -purpose sslserver -verbose $CERT_FILE 2>&1) <<< if [ $? == "0" ]; then success else error 4 "The $CA_BUNDLE_FILE does not verify the $CERT_FILE" echo $CHECK fi } ~~~