Bug 811295
Summary: | Installation fails when CN is set in certificate subject base | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 6.3 | CC: | clasohm, jgalipea, ksiddiqu, mkosek |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Administrators installing Identity Management were able to choose certificate subject base with a Common name (CN) as one component. However, it is illegal to have more than one CN attribute in a certificate subject.
Consequence: Identity Management installation crashes.
Fix: Do not allow CN attribute in a certificate subject base option.
Result: Administrator is warned when he chooses a wrong certificate subject base.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 09:10:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dmitri Pal
2012-04-10 16:12:10 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. Fixed upstream: master: 390d708e43a71bf45b5a6e168277ebea483f473f - Installation fails when CN is set in certificate subject base ipa-3-0: 390d708e43a71bf45b5a6e168277ebea483f473f - Installation fails when CN is set in certificate subject base As having a multiple CNs values in a subject of a certificate is generally discouraged and can cause client issues (like the one reported), it is no longer allowed by ipa-server-install's --subject option. Verified. Now CN attribute is not allowed in subject parameter and error message is displayed. IPA-Server version: ================== [root@rhel64master install-server-cli]# rpm -q ipa-server ipa-server-3.0.0-8.el6.x86_64 [root@rhel64master install-server-cli]# [root@rhel64master ~]# ipa-server-install --setup-dns --forwarder=10.14.63.12 -r TESTRELM.COM -p xxxxxx -P xxxxxx -a xxxxxx -U --subject CN=Test Usage: ipa-server-install [options] ipa-server-install: error: --subject=CN=Test has invalid attribute: "CN" [root@rhel64master ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html |