Bug 616906
| Summary: | new consumer certs not being created when they should be | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Adrian Likins <alikins> |
| Component: | subscription-manager | Assignee: | Bryan Kearney <bkearney> |
| Status: | CLOSED ERRATA | QA Contact: | wes hayutin <whayutin> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.1 | CC: | bkearney, jsefler, shaines, spandey, whayutin |
| Target Milestone: | rc | Keywords: | RHELNAK |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-05-19 13:41:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 595758 | ||
| Bug Blocks: | 568421 | ||
|
Description
Adrian Likins
2010-07-21 17:29:31 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. ** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. ** It seems to be working fine. I am not able to re-produce this on my machine. Any scenario/steps are welcome. VERSION:
[root@jsefler-rhel6-client01 ~]# rpm -q subscription-manager
subscription-manager-0.76-1.git.0.fe91dd4.fc12.i386
FOLLOWING THE TESTS BELOW, YOU'LL SEE (BY NOTING THE FILE TIMESTAMPS AND THE VALIDITY DATES WITHIN THE CERT) THAT THE IDENTITY CERT IS INDEED UPDATED WHEN CALLING subscription-manager-cl register w/force AS WELL AS reregister.
[root@jsefler-rhel6-client01 ~]# ls -l /etc/pki/consumer/*
ls: cannot access /etc/pki/consumer/*: No such file or directory
[root@jsefler-rhel6-client01 ~]# subscription-manager-cli register --username=testuser1 --password=password
971722de-9158-4a51-b80f-1ba36eb97ed1 testuser1
[root@jsefler-rhel6-client01 ~]# ls -l /etc/pki/consumer/*
-rw-r--r--. 1 root root 1269 Sep 9 10:28 /etc/pki/consumer/cert.pem
-rw-r--r--. 1 root root 1675 Sep 9 10:28 /etc/pki/consumer/key.pem
[root@jsefler-rhel6-client01 ~]# openssl x509 -text -noout -in /etc/pki/consumer/cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 163 (0xa3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=jsefler-f12-candlepin.usersys.redhat.com, C=US, L=Raleigh
Validity
Not Before: Sep 9 14:28:33 2010 GMT
Not After : Sep 9 14:28:33 2011 GMT
Subject: CN=971722de-9158-4a51-b80f-1ba36eb97ed1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:94:a9:be:bf:a4:14:e2:1e:ad:71:e6:aa:65:47:
64:16:09:f6:65:61:86:fa:1b:38:3e:11:ab:5d:c9:
ef:1c:e0:4f:80:b9:8d:51:2c:8e:ce:6f:7c:ba:e8:
59:0a:d3:ef:d0:02:d7:23:87:1a:e7:4a:37:5d:e0:
5a:12:a2:57:8e:0b:a2:14:81:43:d3:f3:6e:fd:3f:
03:c3:a0:fb:f6:67:cc:d9:3a:62:16:de:2f:4a:1a:
b0:78:7b:8c:37:78:99:5e:4f:0b:a9:b3:c3:91:ae:
ac:0f:70:d3:ce:34:79:39:56:5a:5e:c9:dc:31:94:
a9:ee:ad:65:56:29:ae:4f:84:f7:ca:1b:c3:74:6b:
ab:ad:df:80:b2:36:8c:93:a1:2f:5c:4e:6d:32:fc:
7a:da:da:e2:a3:87:e0:3c:2a:ee:e5:65:b3:51:c7:
ba:98:b8:4b:67:03:8e:c0:f1:97:74:80:65:ec:9f:
7e:c0:92:c3:ba:ab:11:a3:53:64:03:3c:de:68:a6:
fa:c8:21:09:63:57:0c:da:51:be:a4:c3:07:d7:32:
95:99:a9:9f:c3:ae:d1:57:9a:c5:f2:77:b0:d5:cf:
0f:10:48:56:b4:c6:db:87:da:ab:92:7f:15:8b:bd:
86:9f:69:a4:3e:ce:86:24:43:d3:91:fd:f3:74:86:
bc:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Authority Key Identifier:
keyid:96:B8:29:58:5D:04:30:FA:E1:3A:95:78:11:7F:0A:BA:C8:97:02:CC
DirName:/CN=jsefler-f12-candlepin.usersys.redhat.com/C=US/L=Raleigh
serial:DC:B4:1E:8F:C1:17:95:E6
X509v3 Subject Key Identifier:
BD:A1:9B:DC:29:6F:67:76:ED:0A:C7:A0:14:85:40:CC:D9:7E:DE:E2
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Alternative Name:
DirName:/CN=testuser1
Signature Algorithm: sha1WithRSAEncryption
62:09:fb:ae:01:cb:24:57:67:b0:06:f5:00:4d:0a:6c:d7:d2:
b9:04:4a:1e:cf:bc:33:a4:4e:c3:b0:a7:f1:47:cc:36:8f:73:
0d:fc:b9:dc:3b:f7:17:6a:c5:27:87:98:da:71:d8:a7:bc:24:
50:46:71:c7:2c:29:8e:9b:0a:aa:c8:be:f6:32:fd:e6:f1:71:
49:b9:d0:5c:00:f3:4c:b8:c6:6c:b2:64:05:28:2c:2a:51:97:
92:5e:8e:90:e2:c8:c5:2b:b1:4b:6b:e5:d5:a4:5c:48:0d:db:
83:b5:b0:ed:15:36:4f:53:57:83:62:b2:5e:53:c8:86:c3:17:
8b:94
[root@jsefler-rhel6-client01 ~]# subscription-manager-cli register --username=testuser1 --password=password --force
368955e0-7882-456a-bc96-1a0f152923af testuser1
[root@jsefler-rhel6-client01 ~]# ls -l /etc/pki/consumer/*
-rw-r--r--. 1 root root 1269 Sep 9 10:29 /etc/pki/consumer/cert.pem
-rw-r--r--. 1 root root 1679 Sep 9 10:29 /etc/pki/consumer/key.pem
[root@jsefler-rhel6-client01 ~]# openssl x509 -text -noout -in /etc/pki/consumer/cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 164 (0xa4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=jsefler-f12-candlepin.usersys.redhat.com, C=US, L=Raleigh
Validity
Not Before: Sep 9 14:29:34 2010 GMT
Not After : Sep 9 14:29:34 2011 GMT
Subject: CN=368955e0-7882-456a-bc96-1a0f152923af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:94:97:42:38:1f:57:ce:ef:12:5a:e8:c2:3a:4d:
1e:1a:98:8b:5b:63:4d:bf:c0:7d:a5:7d:60:38:b3:
f3:d7:d9:66:e7:3c:3b:51:e1:68:b7:98:56:19:05:
b3:93:f4:26:4d:4d:d0:78:70:f7:ac:12:51:bd:d8:
f8:68:ac:53:de:63:c8:a7:7d:d0:d0:0d:6e:64:f4:
75:cf:8b:4f:0d:10:47:d4:6f:e3:34:d6:de:33:77:
9d:e6:9e:62:5b:b6:c2:97:55:b6:33:31:dd:17:75:
20:2a:c6:af:75:86:d4:89:b0:40:d2:bc:5c:93:98:
71:db:96:e6:9f:33:9a:cd:53:df:fb:fd:77:61:86:
14:12:54:fc:ba:f8:f3:92:f2:c2:db:a9:8e:01:22:
f1:54:33:8e:f6:ce:92:c3:cb:89:ca:15:1b:78:69:
84:2f:55:b5:6f:e1:8d:2e:9f:1a:1b:3f:e4:91:0f:
b3:7e:24:2d:c4:62:e0:25:19:43:bb:5b:5e:2f:f1:
3f:2a:0c:84:72:02:c2:1c:60:a3:d6:84:4d:bb:74:
60:3e:f2:59:93:c5:8c:6d:fd:f3:00:1a:e7:fb:ae:
97:db:61:8c:2d:b0:72:60:4e:83:09:e2:9c:ae:5a:
50:84:a9:01:da:2b:30:ab:8b:40:36:cf:b1:82:8b:
52:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Authority Key Identifier:
keyid:96:B8:29:58:5D:04:30:FA:E1:3A:95:78:11:7F:0A:BA:C8:97:02:CC
DirName:/CN=jsefler-f12-candlepin.usersys.redhat.com/C=US/L=Raleigh
serial:DC:B4:1E:8F:C1:17:95:E6
X509v3 Subject Key Identifier:
1A:B7:F9:6D:3E:5B:08:6F:28:AF:1D:9E:95:AE:B6:34:19:3F:6B:80
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Alternative Name:
DirName:/CN=testuser1
Signature Algorithm: sha1WithRSAEncryption
29:72:bd:9b:0f:e8:6e:68:07:30:d0:4b:d4:eb:fe:ec:d4:b7:
5a:87:04:03:76:7e:98:d5:04:8c:55:ee:d9:7c:2a:ed:0b:fd:
9f:e0:0e:c0:d8:bf:b5:01:1f:8b:99:80:24:e5:d4:8a:e3:9f:
85:3e:d8:f4:5b:7b:43:68:6a:80:16:67:31:85:5d:6e:1f:dd:
fc:dc:2b:ef:3a:52:0e:f8:cc:24:73:59:55:6a:59:d1:d2:37:
d5:3e:6c:62:f4:8a:0d:74:b1:8f:29:59:57:82:31:8e:bc:2b:
46:5b:c7:87:49:22:3f:6a:60:2f:03:d1:fc:2c:49:30:7c:16:
a4:88
[root@jsefler-rhel6-client01 ~]# subscription-manager-cli reregister --username=testuser1 --password=password
Ignoring username and password options. Using old uuid 368955e0-7882-456a-bc96-1a0f152923af
368955e0-7882-456a-bc96-1a0f152923af testuser1
[root@jsefler-rhel6-client01 ~]# ls -l /etc/pki/consumer/*
-rw-r--r--. 1 root root 1269 Sep 9 10:31 /etc/pki/consumer/cert.pem
-rw-r--r--. 1 root root 1679 Sep 9 10:31 /etc/pki/consumer/key.pem
[root@jsefler-rhel6-client01 ~]# openssl x509 -text -noout -in /etc/pki/consumer/cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 165 (0xa5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=jsefler-f12-candlepin.usersys.redhat.com, C=US, L=Raleigh
Validity
Not Before: Sep 9 14:31:17 2010 GMT
Not After : Sep 9 14:31:17 2011 GMT
Subject: CN=368955e0-7882-456a-bc96-1a0f152923af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:94:97:42:38:1f:57:ce:ef:12:5a:e8:c2:3a:4d:
1e:1a:98:8b:5b:63:4d:bf:c0:7d:a5:7d:60:38:b3:
f3:d7:d9:66:e7:3c:3b:51:e1:68:b7:98:56:19:05:
b3:93:f4:26:4d:4d:d0:78:70:f7:ac:12:51:bd:d8:
f8:68:ac:53:de:63:c8:a7:7d:d0:d0:0d:6e:64:f4:
75:cf:8b:4f:0d:10:47:d4:6f:e3:34:d6:de:33:77:
9d:e6:9e:62:5b:b6:c2:97:55:b6:33:31:dd:17:75:
20:2a:c6:af:75:86:d4:89:b0:40:d2:bc:5c:93:98:
71:db:96:e6:9f:33:9a:cd:53:df:fb:fd:77:61:86:
14:12:54:fc:ba:f8:f3:92:f2:c2:db:a9:8e:01:22:
f1:54:33:8e:f6:ce:92:c3:cb:89:ca:15:1b:78:69:
84:2f:55:b5:6f:e1:8d:2e:9f:1a:1b:3f:e4:91:0f:
b3:7e:24:2d:c4:62:e0:25:19:43:bb:5b:5e:2f:f1:
3f:2a:0c:84:72:02:c2:1c:60:a3:d6:84:4d:bb:74:
60:3e:f2:59:93:c5:8c:6d:fd:f3:00:1a:e7:fb:ae:
97:db:61:8c:2d:b0:72:60:4e:83:09:e2:9c:ae:5a:
50:84:a9:01:da:2b:30:ab:8b:40:36:cf:b1:82:8b:
52:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Authority Key Identifier:
keyid:96:B8:29:58:5D:04:30:FA:E1:3A:95:78:11:7F:0A:BA:C8:97:02:CC
DirName:/CN=jsefler-f12-candlepin.usersys.redhat.com/C=US/L=Raleigh
serial:DC:B4:1E:8F:C1:17:95:E6
X509v3 Subject Key Identifier:
1A:B7:F9:6D:3E:5B:08:6F:28:AF:1D:9E:95:AE:B6:34:19:3F:6B:80
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Alternative Name:
DirName:/CN=testuser1
Signature Algorithm: sha1WithRSAEncryption
0e:4e:e6:c6:61:e0:1b:ad:ec:de:f1:a9:e9:82:6c:8b:5c:e1:
bd:d1:35:40:b1:f2:5e:2e:5f:5e:8a:97:99:8f:6c:6a:4a:23:
8f:c7:93:67:15:f4:8c:04:81:23:36:2c:2e:18:f2:9c:4d:eb:
2d:54:ad:c9:89:d1:d0:e9:cf:16:7e:a0:2b:72:c5:d2:41:d8:
3f:ea:58:72:f5:64:6d:00:30:c6:7b:d0:02:f4:1c:09:28:56:
36:91:5e:3d:c7:86:f0:a3:b2:0a:40:92:27:fb:b5:c9:52:08:
b9:0d:60:15:92:3f:9f:05:01:3c:de:39:1b:ba:77:24:be:d1:
52:4a
[root@jsefler-rhel6-client01 ~]#
MOVING TO VERIFIED
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html |