Bug 1843009

Summary: Certmonger-0.78.4-12.el7.x86_64 upgrade broke Microsoft NDES (SCEP) Integration
Product: Red Hat Enterprise Linux 8 Reporter: Rob Crittenden <rcritten>
Component: certmongerAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.2CC: ddas, ipa-qe, jwooten, kkufova, ksiddiqu, myusuf, nalin, nigel.tedeschi, pcech, pvlasin, rcritten, thomas.kriener
Target Milestone: rcKeywords: Regression
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: certmonger-0.79.7-14.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1839181 Environment:
Last Closed: 2020-11-04 02:51:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1839181    
Bug Blocks:    

Comment 3 Rob Crittenden 2020-06-02 18:04:32 UTC 
Fix merged upstream: 5c21bcbc0c189777b8cad8658c47d2cfb4cbd2e5
Comment 4 Rob Crittenden 2020-06-09 20:34:13 UTC 
*** Bug 1845685 has been marked as a duplicate of this bug. ***
Comment 7 Mohammad Rizwan 2020-07-08 11:38:30 UTC 
version:
certmonger-0.79.7-14.el8.x86_64

[root@master ~]# /usr/libexec/certmonger/scep-submit -u https://interop.redwax.eu/test/simple/scep -cv
GET "https://interop.redwax.eu/test/simple/scep?operation=GetCACaps&message=0"
response_code = 200
content-type = "text/plain"
code = 0
code_text = "No error"
results = "QUVTClBPU1RQS0lPcGVyYXRpb24KU0hBLTEKU0hBLTI1NgpTSEEtNTEyClNDRVBTdGFuZGFyZAo="
AES
POSTPKIOperation
SHA-1
SHA-256
SHA-512
SCEPStandard

[root@master ~]# /usr/libexec/certmonger/scep-submit -u https://interop.redwax.eu/test/simple/scep -cv -i CAIdentifier
GET "https://interop.redwax.eu/test/simple/scep?operation=GetCACaps&message=CAIdentifier"
response_code = 200
content-type = "text/plain"
code = 0
code_text = "No error"
results = "QUVTClBPU1RQS0lPcGVyYXRpb24KU0hBLTEKU0hBLTI1NgpTSEEtNTEyClNDRVBTdGFuZGFyZAo="
AES
POSTPKIOperation
SHA-1
SHA-256
SHA-512
SCEPStandard

[root@master ~]#  /usr/libexec/certmonger/scep-submit -u https://interop.redwax.eu/test/simple/scep -C -v 
GET "https://interop.redwax.eu/test/simple/scep?operation=GetCACert&message=0"
response_code = 200
content-type = "application/x-x509-ca-ra-cert"
code = 0
code_text = "No error"
[..]

[root@master ~]# /usr/libexec/certmonger/scep-submit -u https://interop.redwax.eu/test/simple/scep -C -v -i CAIdentifier
GET "https://interop.redwax.eu/test/simple/scep?operation=GetCACert&message=CAIdentifier"
response_code = 200
content-type = "application/x-x509-ca-ra-cert"
code = 0
code_text = "No error"
[..]


'message=CA-IDENTIFIER' included in the request. Hence based on above observations marking the bug a verified.
Comment 10 errata-xmlrpc 2020-11-04 02:51:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (certmonger bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4671