1263764 – Show Certificate displays in useless format

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1263764 - Show Certificate displays in useless format

Summary: Show Certificate displays in useless format

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:	1272491
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-16 15:53 UTC by Martin Poole
Modified:	2016-11-04 05:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ipa-4.4.0-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-04 05:46:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
view_certificate_1.png (142.66 KB, image/png) 2016-09-02 11:27 UTC, Abhijeet Kasurde	no flags	Details
delete_certificate.png (118.84 KB, image/png) 2016-09-02 11:29 UTC, Abhijeet Kasurde	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1272491	0	unspecified	CLOSED	[WebUI] Certificate action dropdown does not display all the options after adding new certificate	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHBA-2016:2404	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2016-11-03 13:56:18 UTC

Internal Links: 1272491

Description Martin Poole 2015-09-16 15:53:40 UTC

Description of problem:

The option to "Show" a "Host Certificate" display a single string.

In order to be of any use whatsoever this needs to be line wrapped at 64 characters and wrapped with the usual

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Version-Release number of selected component (if applicable):

ipa-server-4.2.0-8.el7

Comment 2 Rob Crittenden 2015-09-16 17:39:00 UTC

More details would be useful on where exactly you are seeing this but it can be done on the command-line by specifying --out /path/to/file:

$ ipa cert-show 1 --out /tmp/cert.pem

$ ipa host-show ipa.example.com --out /tmp/cert2.pem

Comment 3 Martin Poole 2015-09-17 08:28:10 UTC

This is in the GUI having chosen a host on the Hosts page.

On the right hand side you get

  Host Certificate

       Certificate   1 certificates(s) present  "Show"

Comment 4 Petr Vobornik 2015-09-17 08:48:48 UTC

I agree that output is not the best. The proposal sounds reasonable.

In long term perspective Web UI can also have multiple views of cert:
- make it downloadable in e.g. pem format
- display it as proposed in comment 1
- "show" the certificate in human readable form

Comment 5 Martin Poole 2015-09-17 10:32:50 UTC

Addtionally, on using 

  ipa host-show ipa.example.com

I see the same pointless format for the certificate (admittedly the --out format is correct).  Is there any point in printing such a string in that manner ?

  Fingerprint (MD5): a2:df:29:d5:48:50:f4:16:45:8d:b6:40:c1:4b:78:64
  Fingerprint (SHA1): 3b:c6:1c:08:bb:70:e6:b5:3f:de:21:a7:fb:3c:c0:60:cf:a6:ec:29


MD5 ? In this day and age ?

And even if MD5 is still relevant in certain dusty realms where's the sha256 & sha512 ?

Comment 6 Petr Vobornik 2015-09-18 13:55:03 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5311

Comment 7 Petr Vobornik 2016-04-20 14:10:22 UTC

This UI will be completely changed in https://fedorahosted.org/freeipa/ticket/5381

Comment 8 Martin Bašti 2016-06-29 12:51:09 UTC

master:
https://fedorahosted.org/freeipa/changeset/573819eb07ea67311004850b7726f3368bacb49b

Comment 9 Petr Vobornik 2016-06-29 13:44:43 UTC

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/e3e83272c9ffaf2a09f910e754c4a0421c816fd0
https://fedorahosted.org/freeipa/changeset/f243bd2d6564dd35ab5d506578f5d1d2ccb99b2f
https://fedorahosted.org/freeipa/changeset/3d61aca6237852908e0857f9e28ed9c7243b7a3e
https://fedorahosted.org/freeipa/changeset/044d3c25de6806b68b1f1627863873ecb1a87957
https://fedorahosted.org/freeipa/changeset/e7a55ef30b252a616f50c58f99a538e9b090037c
https://fedorahosted.org/freeipa/changeset/06a9a84876345135acac933aca9ada235651997e
https://fedorahosted.org/freeipa/changeset/260a00b81ff10dbe05d35741febfffde2e4ef1dc
https://fedorahosted.org/freeipa/changeset/3056f349b94eb99deb665937a61204e0bfea6b78
https://fedorahosted.org/freeipa/changeset/6d3622c600a82f889e77809c982d996974335e62
https://fedorahosted.org/freeipa/changeset/55a0baf1c32e1c472efe2ce81870e05abccb5a4a
https://fedorahosted.org/freeipa/changeset/0b72571c5ab36dc0a2d93ded9a10a1b7b08d552e
https://fedorahosted.org/freeipa/changeset/79ec965a967ee561fe3ad1363a64fbb06702e358
https://fedorahosted.org/freeipa/changeset/82e69e430009d8b47e45dadd6895af1d71ecd1dd
https://fedorahosted.org/freeipa/changeset/2f048224d2509cddf07532f9703aa88f4eebc9b8
https://fedorahosted.org/freeipa/changeset/d7898ac2eb3b9d7b0e24579c9d8ea2f541f55268

Comment 10 Petr Vobornik 2016-06-29 13:46:03 UTC

Now the certificate can be
* viewed parsed in Web UI
* viewed in PEM format in Web UI
* downloaded in PEM format

Comment 12 Abhijeet Kasurde 2016-09-02 11:27:59 UTC

Created attachment 1197121 [details]
view_certificate_1.png

Comment 13 Abhijeet Kasurde 2016-09-02 11:29:43 UTC

Created attachment 1197122 [details]
delete_certificate.png

Verified using IPA version ::
ipa-server-4.4.0-8.el7.x86_64

Marking BZ as verified.

Comment 15 errata-xmlrpc 2016-11-04 05:46:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

Note You need to log in before you can comment on or make changes to this bug.