Bug 1274191 - Buypass Class 3 CA 1 certificate will soon expire
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ca-certificates
Version: 7.2
Hardware: Unspecified Unspecified
Priority: low, Severity: low
Target Milestone: rc
Assigned To: Kai Engert (:kaie)
QA Contact: BaseOS QE Security Team
Reported: 2015-10-22 04:40 EDT by Stanislav Zidek
Modified: 2015-10-30 10:06 EDT
Doc Type: Bug Fix
Clone Of: 1101310
Last Closed: 2015-10-30 10:06:26 EDT
Type: Bug
Description Stanislav Zidek 2015-10-22 04:40:53 EDT
Will also expire on RHEL-7

+++ This bug was initially created as a clone of Bug #1101310 +++

Description of problem:
CA certificate of Buypass Class 3 CA 1 will expire on 9th of May 2015

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
        Validity
            Not Before: May  9 14:13:03 2005 GMT
            Not After : May  9 14:13:03 2015 GMT
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                38:14:E6:C8:F0:A9:A4:03:F4:4E:3E:22:A3:5B:F2:D6:E0:AD:40:74
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
Comment 1 Kai Engert (:kaie) 2015-10-22 12:10:02 EDT
I don't understand the purpose of this bug report.

You're complaining about a CA that has already expired.

There's only one reason to file such bugs: to prepare in advance for the likelihood that a CA might publish a replacement certificate prior to expiration, and the need to pick it up.

Since the expiration was 5 months ago, I don't think there's anything to do here?
Comment 2 Stanislav Zidek 2015-10-23 05:57:24 EDT
Huh, sorry Kai, I didn't notice the one in RHEL-6 already expired. In RHEL-7, it is not yet expired, it will expire in ~1 year.

:: [   FAIL   ] :: Certificate  /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1 validity (cert date: 2016-10-13  VS.  future: 2016-10-20) (Assert: "1476354309" should be greater than "1476992440")
:: [ 15:41:20 ] :: [ INFO    ] :: File digest for waiving purposes: 0f4e9cdd264b025550d170806340214fe94434c9b02f697ec710fc5feafb5e38
:: [  BEGIN   ] :: Print certificate text form :: actually running 'openssl x509 -in 31.pem -noout -text'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
        Validity
            Not Before: Oct 13 10:25:09 2006 GMT
            Not After : Oct 13 10:25:09 2016 GMT
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                3F:8D:9A:59:8B:FC:7B:7B:9C:A3:AF:38:B0:39:ED:90:71:80:D6:C8
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
:: [   PASS   ] :: Print certificate text form (Expected 0, got 0)
Comment 3 Kai Engert (:kaie) 2015-10-30 10:06:00 EDT
No, that's a different certificate.

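The FAIL line in comment 2 comes from comparing a certificate's notAfter, as epoch seconds, against a future reference time. The following is an added example, not part of the original report or of the test suite it quotes: it redoes that comparison from `openssl x509 -noout -text` output and keys each result by the full subject, so that "Buypass Class 2 CA 1" and "Buypass Class 3 CA 1" cannot be mistaken for each other. The function names and the run date `NOW` are assumptions; the dumps are abridged from the ones quoted above.

```python
import calendar
import re

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Abridged from the two `openssl x509 -noout -text` dumps quoted in this report.
CLASS3_DUMP = """\
            Not After : May  9 14:13:03 2015 GMT
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
"""
CLASS2_DUMP = """\
            Not After : Oct 13 10:25:09 2016 GMT
        Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
"""

HORIZON = 1476992440  # the "future" epoch printed in the FAIL line of comment 2
NOW = calendar.timegm((2015, 10, 23, 0, 0, 0))  # assumed run date (UTC)


def parse_dump(text):
    """Return (subject, notAfter as UTC epoch seconds) from openssl text output."""
    subj = re.search(r"^\s*Subject:\s*(.+?)\s*$", text, re.M)
    date = re.search(r"Not After\s*:\s*(\w{3})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})"
                     r"\s+(\d{4})\s+GMT", text)
    if not subj or not date or date.group(1) not in MONTHS:
        raise ValueError("dump lacks a Subject or a parsable Not After line")
    mon, day, hh, mm, ss, year = date.groups()
    epoch = calendar.timegm((int(year), MONTHS[mon], int(day),
                             int(hh), int(mm), int(ss)))
    return subj.group(1), epoch


def classify(not_after, now, horizon):
    """'expired' if already past, 'expiring' if it ends by the horizon, else 'ok'."""
    if not_after <= now:
        return "expired"
    return "expiring" if not_after <= horizon else "ok"


def report(dumps, now=NOW, horizon=HORIZON):
    """Map each certificate's full subject to its expiry status."""
    return {subject: classify(not_after, now, horizon)
            for subject, not_after in map(parse_dump, dumps)}


if __name__ == "__main__":
    for subject, status in report([CLASS3_DUMP, CLASS2_DUMP]).items():
        print(f"{status:9} {subject}")
```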