Bug 701325
Summary: | Unable to Download Certificate with Browser | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Niranjan Mallapadi Raghavender <mniranja> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | benl, dpal, edewata, grajaiya, jgalipea |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.1.3-3.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: The X509v3 certificate in a host or service record in the Web UI was not properly formatted so was not easily usable.
Consequence: One could not simply cut-and-paste the certificate and use it in PEM format.
Fix: Convert the certificate from base64 into PEM format.
Result: A certificate can be cut-and-pasted and used in PEM format.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2011-12-06 18:21:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 750914 |
Description
Niranjan Mallapadi Raghavender
2011-05-02 15:24:21 UTC
fixed upstream master: 9a039acb224ab3dd6c739f141233000b50c28e6f ipa-2-1: 9b7639a89df70bdd5cbc29c0393ebe53395e566f Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: The X509v3 certificate in a host or service record in the Web UI was not properly formatted so was not easily usable. Consequence: One could not simply cut-and-paste the certificate and use it in PEM format. Fix: Convert the certificate from base64 into PEM format. Result: A certificate can be cut-and-pasted and used in PEM format. Thanks for fixing this bug 1. I had verified the fix by Adding the host from web-ui first 2. Created certificate request for the host using the below command $openssl genrsa 1024 > juno.key $openssl req -new -key juno.key -out juno.csr 3. Submit the CSR , by following the below procedure Login as admin to the web-ui->host-> select the host added, click on "New Certificate" and paste the CSR created using step-2 4. Once Signed click on Get "To get the Certificate" , Copy the Contents and verify it using $openssl x509 -in <file-name> -noout -text Thanks Niranjan Thanks Niranjan for confirming this. 1. openssl genrsa 1024 > sideswipe.key 2. openssl req -new -key sideswipe.key -out sideswipe.csr 3. Submit the CSR , by following the below procedure Login as admin to the web-ui->host-> select the host added, click on "New Certificate" and paste the CSR created using step-2 4. Once Signed click on Get "To get the Certificate" , Copy the Contents and verify it using openssl x509 -in shanks.sideswipe --noout -text [root@sideswipe ~]# openssl x509 -in shanks.sideswipe -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 12 (0xc) Signature Algorithm: sha256WithRSAEncryption Issuer: O=LAB.ENG.PNQ.REDHAT.COM, CN=Certificate Authority Validity Not Before: Nov 7 10:02:54 2011 GMT Not After : Nov 7 10:02:54 2013 GMT Subject: O=LAB.ENG.PNQ.REDHAT.COM, CN=sideswipe.lab.eng.pnq.redhat.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:93:15:de:70:13:38:e5:c0:ae:aa:3c:39:95:2e: 37:d7:97:f5:b4:98:04:e0:19:0b:25:04:3f:72:a7: 92:ea:2f:8e:63:a3:f1:ce:60:c6:58:2d:cb:07:fc: be:bc:00:ee:cb:e7:bc:79:e3:38:db:17:74:28:0a: 66:7d:d8:07:6d:0d:9c:44:13:bb:4b:c0:3d:e3:99: 6b:0a:4a:44:32:02:a3:76:a7:c6:40:79:f9:4d:18: c0:3a:cc:d0:1e:fe:79:02:6d:72:fa:cb:df:b5:85: 34:78:6c:e6:af:74:20:c2:4e:18:9d:e9:2d:85:13: d4:c5:88:3c:79:8e:4f:f5:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:1A:1A:3B:30:D9:CB:C1:FB:B6:42:10:D2:9F:F6:DA:FD:A0:48:1C:C0 Authority Information Access: OCSP - URI:http://decepticons.lab.eng.pnq.redhat.com:80/ca/ocsp X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption d1:af:85:c9:b1:31:d4:16:01:50:a7:67:95:06:ca:e4:ed:bc: 2a:cf:0e:dc:f5:0f:cc:26:a5:94:05:e6:8b:b7:60:07:34:48: 9a:4d:1f:02:81:7e:27:ad:b9:de:66:dc:58:49:d7:2e:85:1b: 84:a8:67:bd:ae:bb:ee:54:40:78:96:a9:df:5f:99:f3:d0:b6: 1b:66:35:87:db:7f:f0:2e:22:f7:cd:17:1b:f8:37:0c:33:9a: 82:2c:f9:4a:0f:c3:e7:26:3f:cd:11:79:61:7e:40:a6:7d:9d: 98:75:fb:c6:70:ff:65:0c:31:73:1b:34:76:f6:bf:74:89:cb: ba:10:f7:13:3f:fa:98:a5:38:97:16:ee:65:af:a0:8e:43:a5: 12:87:b1:67:6b:ba:ed:ed:26:44:44:5d:f4:f4:72:96:b7:63: 57:e3:7a:d7:95:a3:fc:33:1e:f4:2d:0d:ce:00:ef:6e:23:72: 02:17:c7:0a:57:68:8e:c9:8c:17:af:44:c3:2b:e1:d6:be:dd: 93:a0:a2:9e:58:6e:69:79:bf:f7:25:58:23:8b:31:35:dd:71: f9:7e:3d:e5:35:3f:a2:3b:ea:92:9e:3f:00:31:da:20:bd:a2: 5c:cf:71:7f:3f:b7:74:5e:ba:06:4d:91:85:c9:b5:a3:0b:58: f4:9e:50:55 [root@sideswipe ~]# Verified. [root@decepticons ~]# rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.1.3 Vendor: Red Hat, Inc. Release : 8.el6 Build Date: Wed 02 Nov 2011 03:21:27 AM IST Install Date: Thu 03 Nov 2011 10:13:53 AM IST Build Host: x86-012.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.3-8.el6.src.rpm Size : 3381421 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server [root@decepticons ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |