Bug 1814976
| Summary: | Certmonger replaces the trailing "BEGIN CERTIFICATE“ at wrong position in /var/lib/certmonger/cas/<id> file | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Arya Rajendran <arajendr> | |
| Component: | certmonger | Assignee: | Rob Crittenden <rcritten> | |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.8 | CC: | bugzilla-redhat, ddas, ksiddiqu, myusuf, nalin, pcech, rcritten | |
| Target Milestone: | rc | Keywords: | TestCaseProvided, Triaged | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | certmonger-0.78.4-13.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1829490 (view as bug list) | Environment: | ||
| Last Closed: | 2020-09-29 20:33:30 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1829490 | |||
|
Comment 23
Rob Crittenden
2020-05-01 21:52:46 UTC
version: certmonger-0.78.4-13.el7.x86_64 Actual result: [root@master ~]# /usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -C > /etc/pki/tls/certs/rw.crt Alter the certificate like: [root@master ~]# cat /etc/pki/tls/certs/rw.crt -----BEGIN CERTIFICATE----- MIIFFzCCA/+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBaMT8wPQYDVQQDEzZSZWR3 YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw NDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0MB4XDTIwMDIxNTIwNTM1MloXDTQw MDIxMDIwNTM1MlowajELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFu ZDEPMA0GA1UEBwwGTGVpZGVuMQ0wCwYDVQQKDARTQ0VQMSQwIgYDVQQDDBtSZWR3 YXggSW50ZXJvcCBUZXN0IFNDRVAgUkEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDpdqS3jsAOjDltk6Q8Z0aSmgbD+f7zMGdhRBUnt2hgrHzN5nI88FBp ajFCDZGBhNUx5G8HJu9iHL8RZWiiwEtjs3tqTdIAIDNMxSQxy54mrFe2Iv5pUuwm D5uDA7N9TAxJAF2T1CNcqaT+0kXc/s7Ll6wka71KDiO2B+g0qIKq93uX+IT3rJ/5 U3NGzOes53UlYtVxnrdL3D7+Iqr+dRjWDAb0FHxMjJcIcflRgtmkXxjOyULjhoGS fHCNqv7nM3jwk9V3LB97omppDVo2Fo1z1Db0fm67XuSgCCG/yEGNyfX6AK/oFqXa 1RltfjzeJLZ5YgOIGzkqtqPX+cI1+qd4QSWLaSgjaI//ENo9O5rsdzeyZrekN0tO ou21nFkcds2fU/z5NTmhlg8rL6kCbBtk6nv0zwV2At6Sl6vEGxiWGP35r1omRmCJ S/+neNSmbDJ98FTQenxSxqfKyR08eB72Jf11zIM1VHFexoRadA273eXufeme+HQa GFVRq2Hhu+5zr9Dxc53OK822tXIcxRk3MWC7kVaOIqlpcFVXfXNetNjPk4Z9Ln4O 3l5Cr3hx7lv7rdaufRj3QKRjBkfLug5hHaiHJi8UTnbJrbIgdRf3vOTSMej4cadx rYQ+ttkYWrA6a4UQSump/qpIdmuOMa3QJlY/86gKoHhpQ+0CCmPnyQIDAQABo4HX MIHUMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBQsFKw9bTuk H/gqNi3O8RZlV8D6YzCBlwYDVR0jBIGPMIGMgBTtdd41FDxHI/GxGuQTQ4y7zMIr VqFepFwwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENl cnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVj dIIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQELBQADggEBAH79n3Gl 1VDwoPXaxjIxy/HePth5HiDU96nFb/zCR83xur+SqxpX+IXay1T2KFnZje4MAmY5 ePcDmXnxJWfWykxgMsKCJasCwZHqWa3jDiiRwZFpN4dCs459fAEJzRE0MjQRtZhH q46fXkBdA6Gs7c9C/zQMXOWs85c+fT9FX0iVsa9p8rr1WphloZOt36IeR609Qtiw Anq7RPi2uTnnozb5G5zKho+3KnEXRqu9dtcxTGOExLIIQViL2eINHVr6I3l/AlK9 tRxa4/vAiKFfL3IYOXunwSI82jSfkb/n3zuSIYWdzDTrk2au1l4NKUJfMKvmKydP U7vQT+Hr76KEn6o= -----END CERTIFICATE----------BEGIN CERTIFICATE----- <<<<<<<<<<<<<<<<< MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----- [root@master ~]# getcert add-scep-ca -c "Redwax Interop" -u http://interop.redwax.eu/test/simple/scep -I /etc/pki/tls/certs/rw.crt New CA "Redwax Interop" added. [root@master ~]# getcert list-cas -c "Redwax Interop" CA 'Redwax Interop': is-default: no ca-type: EXTERNAL helper-location: /usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -I /etc/pki/tls/certs/rw.crt SCEP CA certificate thumbprint (MD5): 9B3BB9A9 0EFDCDB9 3434F633 54240F40 SCEP CA certificate thumbprint (SHA1): 14AC57D3 5562DA67 0490F9C1 A76696BE 1162B5AA [root@master ~]# [root@master ~]# [root@master ~]# getcert request -f /etc/pki/tls/certs/test.example.com.cert -k /etc/pki/tls/private/test.example.com.key -c "Redwax Interop" -I test.example.com -D test.example.com -G rsa -g 2048 -u digitalSignature -u keyEncipherment -L challenge New signing request "test.example.com" added. [root@master ~]# getcert list -i test.example.com Number of certificates and requests being tracked: 1. Request ID 'test.example.com': status: MONITORING stuck: no key pair storage: type=FILE,location='/etc/pki/tls/private/test.example.com.key' certificate: type=FILE,location='/etc/pki/tls/certs/test.example.com.cert' signing request thumbprint (MD5): C3E4B67C 96C6DA04 58410EC8 F8D58E97 signing request thumbprint (SHA1): A0AD1CE0 5F805C00 BC58487D A3663458 D3CC9915 CA: Redwax Interop issuer: O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040 subject: CN=master.testrelm.test expires: 2020-05-06 10:34:52 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment eku: id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes [root@master ~]# cat /var/lib/certmonger/cas/20200505103429 id=Redwax Interop ca_aka=SCEP (certmonger 0.78.4) ca_is_default=0 ca_type=EXTERNAL ca_external_helper=/usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -I /etc/pki/tls/certs/rw.crt ca_capabilities=AES,POSTPKIOperation,SHA-1,SHA-256,SHA-512,SCEPStandard ca_encryption_cert=-----BEGIN CERTIFICATE----- MIIFFzCCA/+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBaMT8wPQYDVQQDEzZSZWR3 YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw NDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0MB4XDTIwMDIxNTIwNTM1MloXDTQw MDIxMDIwNTM1MlowajELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFu ZDEPMA0GA1UEBwwGTGVpZGVuMQ0wCwYDVQQKDARTQ0VQMSQwIgYDVQQDDBtSZWR3 YXggSW50ZXJvcCBUZXN0IFNDRVAgUkEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDpdqS3jsAOjDltk6Q8Z0aSmgbD+f7zMGdhRBUnt2hgrHzN5nI88FBp ajFCDZGBhNUx5G8HJu9iHL8RZWiiwEtjs3tqTdIAIDNMxSQxy54mrFe2Iv5pUuwm D5uDA7N9TAxJAF2T1CNcqaT+0kXc/s7Ll6wka71KDiO2B+g0qIKq93uX+IT3rJ/5 U3NGzOes53UlYtVxnrdL3D7+Iqr+dRjWDAb0FHxMjJcIcflRgtmkXxjOyULjhoGS fHCNqv7nM3jwk9V3LB97omppDVo2Fo1z1Db0fm67XuSgCCG/yEGNyfX6AK/oFqXa 1RltfjzeJLZ5YgOIGzkqtqPX+cI1+qd4QSWLaSgjaI//ENo9O5rsdzeyZrekN0tO ou21nFkcds2fU/z5NTmhlg8rL6kCbBtk6nv0zwV2At6Sl6vEGxiWGP35r1omRmCJ S/+neNSmbDJ98FTQenxSxqfKyR08eB72Jf11zIM1VHFexoRadA273eXufeme+HQa GFVRq2Hhu+5zr9Dxc53OK822tXIcxRk3MWC7kVaOIqlpcFVXfXNetNjPk4Z9Ln4O 3l5Cr3hx7lv7rdaufRj3QKRjBkfLug5hHaiHJi8UTnbJrbIgdRf3vOTSMej4cadx rYQ+ttkYWrA6a4UQSump/qpIdmuOMa3QJlY/86gKoHhpQ+0CCmPnyQIDAQABo4HX MIHUMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBQsFKw9bTuk H/gqNi3O8RZlV8D6YzCBlwYDVR0jBIGPMIGMgBTtdd41FDxHI/GxGuQTQ4y7zMIr VqFepFwwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENl cnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVj dIIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQELBQADggEBAH79n3Gl 1VDwoPXaxjIxy/HePth5HiDU96nFb/zCR83xur+SqxpX+IXay1T2KFnZje4MAmY5 ePcDmXnxJWfWykxgMsKCJasCwZHqWa3jDiiRwZFpN4dCs459fAEJzRE0MjQRtZhH q46fXkBdA6Gs7c9C/zQMXOWs85c+fT9FX0iVsa9p8rr1WphloZOt36IeR609Qtiw Anq7RPi2uTnnozb5G5zKho+3KnEXRqu9dtcxTGOExLIIQViL2eINHVr6I3l/AlK9 tRxa4/vAiKFfL3IYOXunwSI82jSfkb/n3zuSIYWdzDTrk2au1l4NKUJfMKvmKydP U7vQT+Hr76KEn6o= -----END CERTIFICATE----- ca_encryption_issuer_cert=-----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----- Reproducer: ~~~~~~~~~~~ [root@master ~]# rpm -qa | grep certmonger certmonger-0.78.4-12.el7.x86_64 [root@master ~]# cat /etc/ipa/ca.crt -----BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNU UkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAw NTA2MTEyNjAxWhcNNDAwNTA2MTEyNjAxWjA4MRYwFAYDVQQKDA1URVNUUkVMTS5U RVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDMkpVynjoojdkpiO7SLzkGXYt0exfoP0SQhPwF E55zFxSTkoFElX/DwmZ7VcKJvPlfHMiFDkUa8mxt3SXfS1FaQ5kzqUa7PexM0uou XqHO3TM78gvxaEeEmYkcysUlic/BSH+iihc+HuLInJ88Az5p4iDeVfyOP0/9QXJz AoiUxV/+GmOX+1hjRAG+Vr6bWMJSO+bgQOOGXDKYO2nE2akTVpJb4iStT5GlKK37 FAze6Oxjl2zgyAt73yJ6v76mq3Xn3EugvwJe3oBRJBENTIHPC19XeiNzX5EcA5ew EseyDOmCL8XR+/2zvgqy6OeyeJ0iraHmYDISFU00krpzQOIjAgMBAAGjgaUwgaIw HwYDVR0jBBgwFoAUY+tciwDedKzdaWCfU0sciWw4QIwwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFGPrXIsA3nSs3Wlgn1NLHIlsOECM MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2lwYS1jYS50ZXN0 cmVsbS50ZXN0L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBALuTAL1nhPEILjVK fwJ7fi7btJstIxg+zuv08uZ52uXjR6Zqp3pBaH8udVQPV7VZf3G3OnR1ucNc+2uU 5x6td8PWCZnrcmApM+uNnn+2OsSycIejzK80bKPpTiBMvtxvuPKCFSLeHst5nvM3 0lM24FCaQrbFmQKw3/LELwLPMX4tPeIv+gtFl7eJjByAkog8Ssh/C1QtJ8irAg5G mOwxRSer0xjhkpkqb1hjl2PEpgJTwmvueb/GqMSpPDdGURATXlH7EFrPDWbaT1Yi BA+ugEsByrbLy1ntsIkWMnQbtpiudQP0SKtrb7ZCCs9iLaCpPlvQCEuGjqU6enTV iw/tVro= -----END CERTIFICATE-----[root@master ~]# [root@master ~]# getcert add-scep-ca -c "Redwax Interop" -u http://interop.redwax.eu/test/simple/scep -R /etc/pki/tls/certs/rw.crt -r /etc/ipa/ca.crt [root@master ~]# getcert request -f /etc/pki/tls/certs/test.example.com.cert -k /etc/pki/tls/private/test.example.com.key -c "Redwax Interop" -I test.example.com -D test.example.com -G rsa -g 2048 -u digitalSignature -u keyEncipherment -L challenge New signing request "test.example.com" added. [root@master ~]# [root@master ~]# getcert list -i test.example.com Number of certificates and requests being tracked: 10. Request ID 'test.example.com': status: NEED_SCEP_DATA ca-error: Error reading request, expected PKCS7 data. stuck: no key pair storage: type=FILE,location='/etc/pki/tls/private/test.example.com.key' certificate: type=FILE,location='/etc/pki/tls/certs/test.example.com.cert' signing request thumbprint (MD5): 257E30D7 304552E6 BD7AC82B 4FF582B4 signing request thumbprint (SHA1): C44F89CE 760C7E31 8109CEB3 A7B6B74B 868E4BCF CA: Redwax Interop issuer: O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040 subject: CN=master.testrelm.test expires: 2020-05-07 13:09:03 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment eku: id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes [root@master ~]# cat /var/lib/certmonger/cas/20200506130930 id=Redwax Interop ca_aka=SCEP (certmonger 0.78.4) ca_is_default=0 ca_type=EXTERNAL ca_external_helper=/usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -R /etc/pki/tls/certs/rw.crt -r /etc/ipa/ca.crt ca_capabilities=AES,POSTPKIOperation,SHA-1,SHA-256,SHA-512,SCEPStandard ca_encryption_cert=-----BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNU UkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAw NTA2MTEyNjAxWhcNNDAwNTA2MTEyNjAxWjA4MRYwFAYDVQQKDA1URVNUUkVMTS5U RVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDMkpVynjoojdkpiO7SLzkGXYt0exfoP0SQhPwF E55zFxSTkoFElX/DwmZ7VcKJvPlfHMiFDkUa8mxt3SXfS1FaQ5kzqUa7PexM0uou XqHO3TM78gvxaEeEmYkcysUlic/BSH+iihc+HuLInJ88Az5p4iDeVfyOP0/9QXJz AoiUxV/+GmOX+1hjRAG+Vr6bWMJSO+bgQOOGXDKYO2nE2akTVpJb4iStT5GlKK37 FAze6Oxjl2zgyAt73yJ6v76mq3Xn3EugvwJe3oBRJBENTIHPC19XeiNzX5EcA5ew EseyDOmCL8XR+/2zvgqy6OeyeJ0iraHmYDISFU00krpzQOIjAgMBAAGjgaUwgaIw HwYDVR0jBBgwFoAUY+tciwDedKzdaWCfU0sciWw4QIwwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFGPrXIsA3nSs3Wlgn1NLHIlsOECM MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2lwYS1jYS50ZXN0 cmVsbS50ZXN0L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBALuTAL1nhPEILjVK fwJ7fi7btJstIxg+zuv08uZ52uXjR6Zqp3pBaH8udVQPV7VZf3G3OnR1ucNc+2uU 5x6td8PWCZnrcmApM+uNnn+2OsSycIejzK80bKPpTiBMvtxvuPKCFSLeHst5nvM3 0lM24FCaQrbFmQKw3/LELwLPMX4tPeIv+gtFl7eJjByAkog8Ssh/C1QtJ8irAg5G mOwxRSer0xjhkpkqb1hjl2PEpgJTwmvueb/GqMSpPDdGURATXlH7EFrPDWbaT1Yi BA+ugEsByrbLy1ntsIkWMnQbtpiudQP0SKtrb7ZCCs9iLaCpPlvQCEuGjqU6enTV iw/tVro= -----END CERTIFICATE----------BEGIN CERTIFICATE----- ca_encryption_issuer_cert=MIIFFzCCA/+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBaMT8wPQYDVQQDEzZSZWR3 YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw NDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0MB4XDTIwMDIxNTIwNTM1MloXDTQw MDIxMDIwNTM1MlowajELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFu ZDEPMA0GA1UEBwwGTGVpZGVuMQ0wCwYDVQQKDARTQ0VQMSQwIgYDVQQDDBtSZWR3 YXggSW50ZXJvcCBUZXN0IFNDRVAgUkEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDpdqS3jsAOjDltk6Q8Z0aSmgbD+f7zMGdhRBUnt2hgrHzN5nI88FBp ajFCDZGBhNUx5G8HJu9iHL8RZWiiwEtjs3tqTdIAIDNMxSQxy54mrFe2Iv5pUuwm D5uDA7N9TAxJAF2T1CNcqaT+0kXc/s7Ll6wka71KDiO2B+g0qIKq93uX+IT3rJ/5 U3NGzOes53UlYtVxnrdL3D7+Iqr+dRjWDAb0FHxMjJcIcflRgtmkXxjOyULjhoGS fHCNqv7nM3jwk9V3LB97omppDVo2Fo1z1Db0fm67XuSgCCG/yEGNyfX6AK/oFqXa 1RltfjzeJLZ5YgOIGzkqtqPX+cI1+qd4QSWLaSgjaI//ENo9O5rsdzeyZrekN0tO ou21nFkcds2fU/z5NTmhlg8rL6kCbBtk6nv0zwV2At6Sl6vEGxiWGP35r1omRmCJ S/+neNSmbDJ98FTQenxSxqfKyR08eB72Jf11zIM1VHFexoRadA273eXufeme+HQa GFVRq2Hhu+5zr9Dxc53OK822tXIcxRk3MWC7kVaOIqlpcFVXfXNetNjPk4Z9Ln4O 3l5Cr3hx7lv7rdaufRj3QKRjBkfLug5hHaiHJi8UTnbJrbIgdRf3vOTSMej4cadx rYQ+ttkYWrA6a4UQSump/qpIdmuOMa3QJlY/86gKoHhpQ+0CCmPnyQIDAQABo4HX MIHUMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBQsFKw9bTuk H/gqNi3O8RZlV8D6YzCBlwYDVR0jBIGPMIGMgBTtdd41FDxHI/GxGuQTQ4y7zMIr VqFepFwwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENl cnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVj dIIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQELBQADggEBAH79n3Gl 1VDwoPXaxjIxy/HePth5HiDU96nFb/zCR83xur+SqxpX+IXay1T2KFnZje4MAmY5 ePcDmXnxJWfWykxgMsKCJasCwZHqWa3jDiiRwZFpN4dCs459fAEJzRE0MjQRtZhH q46fXkBdA6Gs7c9C/zQMXOWs85c+fT9FX0iVsa9p8rr1WphloZOt36IeR609Qtiw Anq7RPi2uTnnozb5G5zKho+3KnEXRqu9dtcxTGOExLIIQViL2eINHVr6I3l/AlK9 tRxa4/vAiKFfL3IYOXunwSI82jSfkb/n3zuSIYWdzDTrk2au1l4NKUJfMKvmKydP U7vQT+Hr76KEn6o= -----END CERTIFICATE----- ca_encryption_cert_pool=-----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----------BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNU UkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAw NTA2MTEyNjAxWhcNNDAwNTA2MTEyNjAxWjA4MRYwFAYDVQQKDA1URVNUUkVMTS5U RVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDMkpVynjoojdkpiO7SLzkGXYt0exfoP0SQhPwF E55zFxSTkoFElX/DwmZ7VcKJvPlfHMiFDkUa8mxt3SXfS1FaQ5kzqUa7PexM0uou XqHO3TM78gvxaEeEmYkcysUlic/BSH+iihc+HuLInJ88Az5p4iDeVfyOP0/9QXJz AoiUxV/+GmOX+1hjRAG+Vr6bWMJSO+bgQOOGXDKYO2nE2akTVpJb4iStT5GlKK37 FAze6Oxjl2zgyAt73yJ6v76mq3Xn3EugvwJe3oBRJBENTIHPC19XeiNzX5EcA5ew EseyDOmCL8XR+/2zvgqy6OeyeJ0iraHmYDISFU00krpzQOIjAgMBAAGjgaUwgaIw HwYDVR0jBBgwFoAUY+tciwDedKzdaWCfU0sciWw4QIwwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFGPrXIsA3nSs3Wlgn1NLHIlsOECM MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2lwYS1jYS50ZXN0 cmVsbS50ZXN0L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBALuTAL1nhPEILjVK fwJ7fi7btJstIxg+zuv08uZ52uXjR6Zqp3pBaH8udVQPV7VZf3G3OnR1ucNc+2uU 5x6td8PWCZnrcmApM+uNnn+2OsSycIejzK80bKPpTiBMvtxvuPKCFSLeHst5nvM3 0lM24FCaQrbFmQKw3/LELwLPMX4tPeIv+gtFl7eJjByAkog8Ssh/C1QtJ8irAg5G mOwxRSer0xjhkpkqb1hjl2PEpgJTwmvueb/GqMSpPDdGURATXlH7EFrPDWbaT1Yi BA+ugEsByrbLy1ntsIkWMnQbtpiudQP0SKtrb7ZCCs9iLaCpPlvQCEuGjqU6enTV iw/tVro= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----- ~~~~~ Fix: ~~~~~ [root@master ~]# rpm -qa | grep cert certmonger-0.78.4-13.el7.x86_64 [root@master ~]# getcert add-scep-ca -c "Redwax Interop" -u http://interop.redwax.eu/test/simple/scep -R /etc/pki/tls/certs/rw.crt -r /etc/ipa/ca.crt New CA "Redwax Interop" added. [root@master ~]# cat /var/lib/certmonger/cas/20200506131400 id=Redwax Interop ca_aka=SCEP (certmonger 0.78.4) ca_is_default=0 ca_type=EXTERNAL ca_external_helper=/usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -R /etc/pki/tls/certs/rw.crt -r /etc/ipa/ca.crt ca_capabilities=AES,POSTPKIOperation,SHA-1,SHA-256,SHA-512,SCEPStandard ca_encryption_cert=-----BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNU UkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAw NTA2MTEyNjAxWhcNNDAwNTA2MTEyNjAxWjA4MRYwFAYDVQQKDA1URVNUUkVMTS5U RVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDMkpVynjoojdkpiO7SLzkGXYt0exfoP0SQhPwF E55zFxSTkoFElX/DwmZ7VcKJvPlfHMiFDkUa8mxt3SXfS1FaQ5kzqUa7PexM0uou XqHO3TM78gvxaEeEmYkcysUlic/BSH+iihc+HuLInJ88Az5p4iDeVfyOP0/9QXJz AoiUxV/+GmOX+1hjRAG+Vr6bWMJSO+bgQOOGXDKYO2nE2akTVpJb4iStT5GlKK37 FAze6Oxjl2zgyAt73yJ6v76mq3Xn3EugvwJe3oBRJBENTIHPC19XeiNzX5EcA5ew EseyDOmCL8XR+/2zvgqy6OeyeJ0iraHmYDISFU00krpzQOIjAgMBAAGjgaUwgaIw HwYDVR0jBBgwFoAUY+tciwDedKzdaWCfU0sciWw4QIwwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFGPrXIsA3nSs3Wlgn1NLHIlsOECM MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2lwYS1jYS50ZXN0 cmVsbS50ZXN0L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBALuTAL1nhPEILjVK fwJ7fi7btJstIxg+zuv08uZ52uXjR6Zqp3pBaH8udVQPV7VZf3G3OnR1ucNc+2uU 5x6td8PWCZnrcmApM+uNnn+2OsSycIejzK80bKPpTiBMvtxvuPKCFSLeHst5nvM3 0lM24FCaQrbFmQKw3/LELwLPMX4tPeIv+gtFl7eJjByAkog8Ssh/C1QtJ8irAg5G mOwxRSer0xjhkpkqb1hjl2PEpgJTwmvueb/GqMSpPDdGURATXlH7EFrPDWbaT1Yi BA+ugEsByrbLy1ntsIkWMnQbtpiudQP0SKtrb7ZCCs9iLaCpPlvQCEuGjqU6enTV iw/tVro= -----END CERTIFICATE----- ca_encryption_issuer_cert=-----BEGIN CERTIFICATE----- MIIFFzCCA/+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBaMT8wPQYDVQQDEzZSZWR3 YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw NDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0MB4XDTIwMDIxNTIwNTM1MloXDTQw MDIxMDIwNTM1MlowajELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFu ZDEPMA0GA1UEBwwGTGVpZGVuMQ0wCwYDVQQKDARTQ0VQMSQwIgYDVQQDDBtSZWR3 YXggSW50ZXJvcCBUZXN0IFNDRVAgUkEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDpdqS3jsAOjDltk6Q8Z0aSmgbD+f7zMGdhRBUnt2hgrHzN5nI88FBp ajFCDZGBhNUx5G8HJu9iHL8RZWiiwEtjs3tqTdIAIDNMxSQxy54mrFe2Iv5pUuwm D5uDA7N9TAxJAF2T1CNcqaT+0kXc/s7Ll6wka71KDiO2B+g0qIKq93uX+IT3rJ/5 U3NGzOes53UlYtVxnrdL3D7+Iqr+dRjWDAb0FHxMjJcIcflRgtmkXxjOyULjhoGS fHCNqv7nM3jwk9V3LB97omppDVo2Fo1z1Db0fm67XuSgCCG/yEGNyfX6AK/oFqXa 1RltfjzeJLZ5YgOIGzkqtqPX+cI1+qd4QSWLaSgjaI//ENo9O5rsdzeyZrekN0tO ou21nFkcds2fU/z5NTmhlg8rL6kCbBtk6nv0zwV2At6Sl6vEGxiWGP35r1omRmCJ S/+neNSmbDJ98FTQenxSxqfKyR08eB72Jf11zIM1VHFexoRadA273eXufeme+HQa GFVRq2Hhu+5zr9Dxc53OK822tXIcxRk3MWC7kVaOIqlpcFVXfXNetNjPk4Z9Ln4O 3l5Cr3hx7lv7rdaufRj3QKRjBkfLug5hHaiHJi8UTnbJrbIgdRf3vOTSMej4cadx rYQ+ttkYWrA6a4UQSump/qpIdmuOMa3QJlY/86gKoHhpQ+0CCmPnyQIDAQABo4HX MIHUMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBQsFKw9bTuk H/gqNi3O8RZlV8D6YzCBlwYDVR0jBIGPMIGMgBTtdd41FDxHI/GxGuQTQ4y7zMIr VqFepFwwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENl cnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVj dIIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQELBQADggEBAH79n3Gl 1VDwoPXaxjIxy/HePth5HiDU96nFb/zCR83xur+SqxpX+IXay1T2KFnZje4MAmY5 ePcDmXnxJWfWykxgMsKCJasCwZHqWa3jDiiRwZFpN4dCs459fAEJzRE0MjQRtZhH q46fXkBdA6Gs7c9C/zQMXOWs85c+fT9FX0iVsa9p8rr1WphloZOt36IeR609Qtiw Anq7RPi2uTnnozb5G5zKho+3KnEXRqu9dtcxTGOExLIIQViL2eINHVr6I3l/AlK9 tRxa4/vAiKFfL3IYOXunwSI82jSfkb/n3zuSIYWdzDTrk2au1l4NKUJfMKvmKydP U7vQT+Hr76KEn6o= -----END CERTIFICATE----- ca_encryption_cert_pool=-----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNU UkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAw NTA2MTEyNjAxWhcNNDAwNTA2MTEyNjAxWjA4MRYwFAYDVQQKDA1URVNUUkVMTS5U RVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDMkpVynjoojdkpiO7SLzkGXYt0exfoP0SQhPwF E55zFxSTkoFElX/DwmZ7VcKJvPlfHMiFDkUa8mxt3SXfS1FaQ5kzqUa7PexM0uou XqHO3TM78gvxaEeEmYkcysUlic/BSH+iihc+HuLInJ88Az5p4iDeVfyOP0/9QXJz AoiUxV/+GmOX+1hjRAG+Vr6bWMJSO+bgQOOGXDKYO2nE2akTVpJb4iStT5GlKK37 FAze6Oxjl2zgyAt73yJ6v76mq3Xn3EugvwJe3oBRJBENTIHPC19XeiNzX5EcA5ew EseyDOmCL8XR+/2zvgqy6OeyeJ0iraHmYDISFU00krpzQOIjAgMBAAGjgaUwgaIw HwYDVR0jBBgwFoAUY+tciwDedKzdaWCfU0sciWw4QIwwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFGPrXIsA3nSs3Wlgn1NLHIlsOECM MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2lwYS1jYS50ZXN0 cmVsbS50ZXN0L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBALuTAL1nhPEILjVK fwJ7fi7btJstIxg+zuv08uZ52uXjR6Zqp3pBaH8udVQPV7VZf3G3OnR1ucNc+2uU 5x6td8PWCZnrcmApM+uNnn+2OsSycIejzK80bKPpTiBMvtxvuPKCFSLeHst5nvM3 0lM24FCaQrbFmQKw3/LELwLPMX4tPeIv+gtFl7eJjByAkog8Ssh/C1QtJ8irAg5G mOwxRSer0xjhkpkqb1hjl2PEpgJTwmvueb/GqMSpPDdGURATXlH7EFrPDWbaT1Yi BA+ugEsByrbLy1ntsIkWMnQbtpiudQP0SKtrb7ZCCs9iLaCpPlvQCEuGjqU6enTV iw/tVro= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUbxG32FXSfZoU87bpFStgyoxL4qowDQYJKoZIhvcNAQEF BQAwWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAe Fw0yMDAyMTExNjM4NTZaFw00MDAyMDYxNjM4NTZaMFoxPzA9BgNVBAMTNlJlZHdh eCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0 MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDnICcjGF9EcH0kRu9TgqiXAV+YdBUOjV4jG9wCbJdZMv6tGYWY IPszrK3Cmw49uMbMgAEL/hB2mr/gZIFMQ0rs2GWwkaKolvg0rw9gE8PwR2p6jthu L+CzocyHkc27f/UGhekYSnbcgIitFNseaJWEI/d+eF8LPkPXhsSUVkCF/wcEG2xM DgS1KckoF7EJ9Tsc7XRVQ3Doq5WL+NCCnuSmeMcVTGhI9XaGreu+DYYmCR3vnDXa vx67A45vlYcgJU4pDL/oMwJW+WKiwKjpiZm4kyRZWYHGLlCUb+ckedhM1eCZwwsg yJKm0aPJbTDjlqRBshU++4aZMV2AFdLRIVq7AgMBAAGjgcowgccwHQYDVR0OBBYE FO113jUUPEcj8bEa5BNDjLvMwitWMIGXBgNVHSMEgY8wgYyAFO113jUUPEcj8bEa 5BNDjLvMwitWoV6kXDBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5n IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdh eCBQcm9qZWN0ghRvEbfYVdJ9mhTztukVK2DKjEviqjAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQDONOZcaEB3HjLi4wCkeSucGgmDyC2bwPIvZojr9UOx 45FyB5awhRgUP/pKwZIDJ7y5b1Gd20AKjkac3kiXETTjCvGSm3v9EKtKclykd3Jd oKK1WupKhQxoTb6qTakwahxf9nggsjt0u+G9ngnHJiIRdejP8TIAtxZVKAn1Riw7 OdNWzrNdq9E/4Ysr9m5jEYBlZKHLAkyvltjQfet9fsMCG7Ty9kxYVX7AszTEBkeH 4Zd5gubTX2phjMbQk+uzHtoAQF4E5mwrhNjuMn6q2COB+M254u/pGQsi3i1LMxBD ch5AKvxjPsO3pLFi1oWvkJNArKw3DJLcTnCQl7Wn4ZzR -----END CERTIFICATE----- [root@master ~]# [root@master ~]# getcert list-cas -c "Redwax Interop" CA 'Redwax Interop': is-default: no ca-type: EXTERNAL helper-location: /usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -R /etc/pki/tls/certs/rw.crt -r /etc/ipa/ca.crt SCEP CA certificate thumbprint (MD5): 78365A23 839BF266 022AA7BA F8797A40 SCEP CA certificate thumbprint (SHA1): 97E5D0D7 A4DCB165 329C0544 CFADDD3A E8CA283C [root@master ~]# The fix properly parse the certificate file even if doesn't have new line(\n) char at /var/lib/certmonger/cas/<id> . Hence marking the bug as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (certmonger bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4009 |