Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1263764

Summary: Show Certificate displays in useless format
Product: Red Hat Enterprise Linux 7 Reporter: Martin Poole <mpoole>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: ksiddiqu, mbasti, mpoole, pvoborni, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 05:46:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1272491    
Bug Blocks:    
Attachments:
Description Flags
view_certificate_1.png
none
delete_certificate.png none

Description Martin Poole 2015-09-16 15:53:40 UTC 
Description of problem:

The option to "Show" a "Host Certificate" display a single string.

In order to be of any use whatsoever this needs to be line wrapped at 64 characters and wrapped with the usual

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Version-Release number of selected component (if applicable):

ipa-server-4.2.0-8.el7
Comment 2 Rob Crittenden 2015-09-16 17:39:00 UTC 
More details would be useful on where exactly you are seeing this but it can be done on the command-line by specifying --out /path/to/file:

$ ipa cert-show 1 --out /tmp/cert.pem

$ ipa host-show ipa.example.com --out /tmp/cert2.pem
Comment 3 Martin Poole 2015-09-17 08:28:10 UTC 
This is in the GUI having chosen a host on the Hosts page.

On the right hand side you get

  Host Certificate

       Certificate   1 certificates(s) present  "Show"
Comment 4 Petr Vobornik 2015-09-17 08:48:48 UTC 
I agree that output is not the best. The proposal sounds reasonable.

In long term perspective Web UI can also have multiple views of cert:
- make it downloadable in e.g. pem format
- display it as proposed in comment 1
- "show" the certificate in human readable form
Comment 5 Martin Poole 2015-09-17 10:32:50 UTC 
Addtionally, on using 

  ipa host-show ipa.example.com

I see the same pointless format for the certificate (admittedly the --out format is correct).  Is there any point in printing such a string in that manner ?

  Fingerprint (MD5): a2:df:29:d5:48:50:f4:16:45:8d:b6:40:c1:4b:78:64
  Fingerprint (SHA1): 3b:c6:1c:08:bb:70:e6:b5:3f:de:21:a7:fb:3c:c0:60:cf:a6:ec:29


MD5 ? In this day and age ?

And even if MD5 is still relevant in certain dusty realms where's the sha256 & sha512 ?
Comment 6 Petr Vobornik 2015-09-18 13:55:03 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5311
Comment 7 Petr Vobornik 2016-04-20 14:10:22 UTC 
This UI will be completely changed in https://fedorahosted.org/freeipa/ticket/5381
Comment 8 Martin Bašti 2016-06-29 12:51:09 UTC 
master:
https://fedorahosted.org/freeipa/changeset/573819eb07ea67311004850b7726f3368bacb49b
Comment 9 Petr Vobornik 2016-06-29 13:44:43 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/e3e83272c9ffaf2a09f910e754c4a0421c816fd0
https://fedorahosted.org/freeipa/changeset/f243bd2d6564dd35ab5d506578f5d1d2ccb99b2f
https://fedorahosted.org/freeipa/changeset/3d61aca6237852908e0857f9e28ed9c7243b7a3e
https://fedorahosted.org/freeipa/changeset/044d3c25de6806b68b1f1627863873ecb1a87957
https://fedorahosted.org/freeipa/changeset/e7a55ef30b252a616f50c58f99a538e9b090037c
https://fedorahosted.org/freeipa/changeset/06a9a84876345135acac933aca9ada235651997e
https://fedorahosted.org/freeipa/changeset/260a00b81ff10dbe05d35741febfffde2e4ef1dc
https://fedorahosted.org/freeipa/changeset/3056f349b94eb99deb665937a61204e0bfea6b78
https://fedorahosted.org/freeipa/changeset/6d3622c600a82f889e77809c982d996974335e62
https://fedorahosted.org/freeipa/changeset/55a0baf1c32e1c472efe2ce81870e05abccb5a4a
https://fedorahosted.org/freeipa/changeset/0b72571c5ab36dc0a2d93ded9a10a1b7b08d552e
https://fedorahosted.org/freeipa/changeset/79ec965a967ee561fe3ad1363a64fbb06702e358
https://fedorahosted.org/freeipa/changeset/82e69e430009d8b47e45dadd6895af1d71ecd1dd
https://fedorahosted.org/freeipa/changeset/2f048224d2509cddf07532f9703aa88f4eebc9b8
https://fedorahosted.org/freeipa/changeset/d7898ac2eb3b9d7b0e24579c9d8ea2f541f55268
Comment 10 Petr Vobornik 2016-06-29 13:46:03 UTC 
Now the certificate can be
* viewed parsed in Web UI
* viewed in PEM format in Web UI
* downloaded in PEM format
Comment 12 Abhijeet Kasurde 2016-09-02 11:27:59 UTC 
Created attachment 1197121 [details]
view_certificate_1.png
Comment 13 Abhijeet Kasurde 2016-09-02 11:29:43 UTC 
Created attachment 1197122 [details]
delete_certificate.png

Verified using IPA version ::
ipa-server-4.4.0-8.el7.x86_64

Marking BZ as verified.
Comment 15 errata-xmlrpc 2016-11-04 05:46:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html