Bug 1990926
| Field | Value |
|---|---|
| Summary | Certmonger SCEP renewal should not use old challenges |
| Product | Red Hat Enterprise Linux 9 |
| Component | certmonger |
| Version | 9.0 |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | Rob Crittenden <rcritten> |
| Assignee | Rob Crittenden <rcritten> |
| QA Contact | ipa-qe <ipa-qe> |
| CC | Adam_5Wu, bernard.rodriguez, ipa-qe, j.florkowski, j.mccanta, ksiddiqu, myusuf, nicholaus.daverin, pcech, pvoborni, rcritten, sumenon, tscherf |
| Target Milestone | beta |
| Keywords | Triaged |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | certmonger-0.79.14-5.el9 |
| Doc Type | If docs needed, set a value |
| Clone Of | 1577570 |
| | 2150030 |
| Last Closed | 2022-05-17 13:13:50 UTC |
| Type | Bug |
| Bug Depends On | 1577570 |
| Bug Blocks | 2150030 |

Description
Rob Crittenden
2021-08-06 15:20:24 UTC
Verified the bug manually using certmonger-0.79.14-5.el9.x86_64

```
[root@server ~]# getcert request -c scep -I Test -f /tmp/test-public.pem -k /tmp/test-private.pem -N "CN=Test Cert" -D scep.test -F /tmp/ca.pem -w -v -L 991DCF0C95838704
New signing request "Test" added.
State NEWLY_ADDED_READING_KEYINFO, stuck: no.
State MONITORING, stuck: no.

[root@server ~]# getcert list
Number of certificates and requests being tracked: 1.
Request ID 'Test':
	status: MONITORING
	stuck: no
	key pair storage: type=FILE,location='/tmp/test-private.pem'
	certificate: type=FILE,location='/tmp/test-public.pem'
	signing request thumbprint (MD5): 75473B39 5FBBAB03 A1CDFAC8 44D59B55
	signing request thumbprint (SHA1): B8BD0F6C B4511122 B83A996A AE2CB12D 0EC9F8AC
	CA: scep
	issuer: CN=win01,DC=scep,DC=test
	subject: CN=Test Cert
	issued: 2021-12-06 08:02:32 EST
	expires: 2023-12-06 08:02:32 EST
	dns: scep.test
	key usage: digitalSignature,keyEncipherment
	eku: iso.org.dod.internet.security.mechanisms.8.2.2
	certificate template/profile: IPSECIntermediateOffline
	profile: IPSECIntermediateOffline
	pre-save command:
	post-save command:
	track: yes
	auto-renew: yes

[root@server ~]# openssl x509 -text -in /tmp/test-public.pem |grep -i serial -A 1
        Serial Number:
            72:00:00:00:06:a9:6f:b4:01:a3:28:32:db:00:00:00:00:00:06

[root@server ~]# getcert resubmit -f /tmp/test-public.pem -v -w
Resubmitting "Test" to "scep".
State GENERATING_CSR, stuck: no.
State SUBMITTING, stuck: no.
State MONITORING, stuck: no.

[root@server ~]# openssl x509 -text -in /tmp/test-public.pem |grep -i serial -A 1
        Serial Number:
            72:00:00:00:07:d9:8e:e9:a8:f0:1b:47:9b:00:00:00:00:00:07
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (new packages: certmonger), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2478