Bug 1263764 - Show Certificate displays in useless format
Summary: Show Certificate displays in useless format
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On: 1272491
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-16 15:53 UTC by Martin Poole
Modified: 2016-11-04 05:46 UTC (History)
5 users (show)

Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 05:46:43 UTC


Attachments (Terms of Use)
view_certificate_1.png (142.66 KB, image/png)
2016-09-02 11:27 UTC, Abhijeet Kasurde
no flags Details
delete_certificate.png (118.84 KB, image/png)
2016-09-02 11:29 UTC, Abhijeet Kasurde
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC
Red Hat Bugzilla 1272491 None None None Never

Internal Links: 1272491

Description Martin Poole 2015-09-16 15:53:40 UTC
Description of problem:

The option to "Show" a "Host Certificate" display a single string.

In order to be of any use whatsoever this needs to be line wrapped at 64 characters and wrapped with the usual

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Version-Release number of selected component (if applicable):

ipa-server-4.2.0-8.el7

Comment 2 Rob Crittenden 2015-09-16 17:39:00 UTC
More details would be useful on where exactly you are seeing this but it can be done on the command-line by specifying --out /path/to/file:

$ ipa cert-show 1 --out /tmp/cert.pem

$ ipa host-show ipa.example.com --out /tmp/cert2.pem

Comment 3 Martin Poole 2015-09-17 08:28:10 UTC
This is in the GUI having chosen a host on the Hosts page.

On the right hand side you get

  Host Certificate

       Certificate   1 certificates(s) present  "Show"

Comment 4 Petr Vobornik 2015-09-17 08:48:48 UTC
I agree that output is not the best. The proposal sounds reasonable.

In long term perspective Web UI can also have multiple views of cert:
- make it downloadable in e.g. pem format
- display it as proposed in comment 1
- "show" the certificate in human readable form

Comment 5 Martin Poole 2015-09-17 10:32:50 UTC
Addtionally, on using 

  ipa host-show ipa.example.com

I see the same pointless format for the certificate (admittedly the --out format is correct).  Is there any point in printing such a string in that manner ?

  Fingerprint (MD5): a2:df:29:d5:48:50:f4:16:45:8d:b6:40:c1:4b:78:64
  Fingerprint (SHA1): 3b:c6:1c:08:bb:70:e6:b5:3f:de:21:a7:fb:3c:c0:60:cf:a6:ec:29


MD5 ? In this day and age ?

And even if MD5 is still relevant in certain dusty realms where's the sha256 & sha512 ?

Comment 6 Petr Vobornik 2015-09-18 13:55:03 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5311

Comment 7 Petr Vobornik 2016-04-20 14:10:22 UTC
This UI will be completely changed in https://fedorahosted.org/freeipa/ticket/5381

Comment 10 Petr Vobornik 2016-06-29 13:46:03 UTC
Now the certificate can be
* viewed parsed in Web UI
* viewed in PEM format in Web UI
* downloaded in PEM format

Comment 12 Abhijeet Kasurde 2016-09-02 11:27:59 UTC
Created attachment 1197121 [details]
view_certificate_1.png

Comment 13 Abhijeet Kasurde 2016-09-02 11:29:43 UTC
Created attachment 1197122 [details]
delete_certificate.png

Verified using IPA version ::
ipa-server-4.4.0-8.el7.x86_64

Marking BZ as verified.

Comment 15 errata-xmlrpc 2016-11-04 05:46:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.