1326292 – Microsec e-Szigno Root CA will soon expire

Bug 1326292 - Microsec e-Szigno Root CA will soon expire

Summary: Microsec e-Szigno Root CA will soon expire

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ca-certificates
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Kai Engert (:kaie) (inactive account)
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-12 11:12 UTC by Stanislav Zidek
Modified:	2016-09-28 15:34 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-28 15:34:37 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Stanislav Zidek 2016-04-12 11:12:42 UTC

This is just a tracking bug for expiring CA certificate - Microsec e-Szigno Root CA

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 999181308 (0x3b8e4bfc)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: emailAddress=pki, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
        Validity
            Not Before: Aug 30 14:23:01 2001 GMT
            Not After : Aug 26 14:23:01 2016 GMT
        Subject: emailAddress=pki, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:81:71:36:3e:33:07:d6:e3:30:8d:13:7e:77:32:
                    46:cb:cf:19:b2:60:31:46:97:86:f4:98:46:a4:c2:
                    65:45:cf:d3:40:7c:e3:5a:22:a8:10:78:33:cc:88:
                    b1:d3:81:4a:f6:62:17:7b:5f:4d:0a:2e:d0:cf:8b:
                    23:ee:4f:02:4e:bb:eb:0e:ca:bd:18:63:e8:80:1c:
                    8d:e1:1c:8d:3d:e0:ff:5b:5f:ea:64:e5:97:e8:3f:
                    99:7f:0c:0a:09:33:00:1a:53:a7:21:e1:38:4b:d6:
                    83:1b:ad:af:64:c2:f9:1c:7a:8c:66:48:4d:66:1f:
                    18:0a:e2:3e:bb:1f:07:65:93:85:b9:1a:b0:b9:c4:
                    fb:0d:11:f6:f5:d6:f9:1b:c7:2c:2b:b7:18:51:fe:
                    e0:7b:f6:a8:48:af:6c:3b:4f:2f:ef:f8:d1:47:1e:
                    26:57:f0:51:1d:33:96:ff:ef:59:3d:da:4d:d1:15:
                    34:c7:ea:3f:16:48:7b:91:1c:80:43:0f:3d:b8:05:
                    3e:d1:b3:95:cd:d8:ca:0f:c2:43:67:db:b7:93:e0:
                    22:82:2e:be:f5:68:28:83:b9:c1:3b:69:7b:20:da:
                    4e:9c:6d:e1:ba:cd:8f:7a:6c:b0:09:22:d7:8b:0b:
                    db:1c:d5:5a:26:5b:0d:c0:ea:e5:60:d0:9f:fe:35:
                    df:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.10015.1.1.1
                  User Notice:
                    Explicit Text: 
                  CPS: http://www.sk.ee/cps/

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www.sk.ee/juur/crl/

            X509v3 Subject Key Identifier: 
                04:AA:7A:47:A3:E4:89:AF:1A:CF:0A:40:A7:18:3F:6F:EF:E9:7D:BE
            X509v3 Authority Key Identifier: 
                keyid:04:AA:7A:47:A3:E4:89:AF:1A:CF:0A:40:A7:18:3F:6F:EF:E9:7D:BE

            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
         7b:c1:18:94:53:a2:09:f3:fe:26:67:9a:50:e4:c3:05:2f:2b:
         35:78:91:4c:7c:a8:11:11:79:4c:49:59:ac:c8:f7:85:65:5c:
         46:bb:3b:10:a0:02:af:cd:4f:b5:cc:36:2a:ec:5d:fe:ef:a0:
         91:c9:b6:93:6f:7c:80:54:ec:c7:08:70:0d:8e:fb:82:ec:2a:
         60:78:69:36:36:d1:c5:9c:8b:69:b5:40:c8:94:65:77:f2:57:
         21:66:3b:ce:85:40:b6:33:63:1a:bf:79:1e:fc:5c:1d:d3:1d:
         93:1b:8b:0c:5d:85:bd:99:30:32:18:09:91:52:e9:7c:a1:ba:
         ff:64:92:9a:ec:fe:35:ee:8c:2f:ae:fc:20:86:ec:4a:de:1b:
         78:32:37:a6:81:d2:9d:af:5a:12:16:ca:99:5b:fc:6f:6d:0e:
         c5:a0:1e:86:c9:91:d0:5c:98:82:5f:63:0c:8a:5a:ab:d8:95:
         a6:cc:cb:8a:d6:bf:64:4b:8e:ca:8a:b2:b0:e9:21:32:9e:aa:
         a8:85:98:34:81:39:21:3b:a8:3a:52:32:3d:f6:6b:37:86:06:
         5a:15:98:dc:f0:11:66:fe:34:20:b7:03:f4:41:10:7d:39:84:
         79:96:72:63:b6:96:02:e5:6b:b9:ad:19:4d:bb:c6:44:db:36:
         cb:2a:9c:8e

Comment 2 Stanislav Zidek 2016-05-20 10:57:06 UTC

Note: also present on RHEL-5 and RHEL-6, I see no point in filing another bugs.

Comment 3 Hubert Kario 2016-06-29 12:59:21 UTC

The actual certificate is

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cc:b8:e7:bf:4e:29:1a:fd:a2:dc:66:a5:1c:2c:0f:11
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
        Validity
            Not Before: Apr  6 12:28:44 2005 GMT
            Not After : Apr  6 12:28:44 2017 GMT
        Subject: C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ed:c8:00:d5:81:7b:cd:38:00:47:cc:db:84:c1:
                    21:69:2c:74:90:0c:21:d9:53:87:ed:3e:43:44:53:
                    af:ab:f8:80:9b:3c:78:8d:d4:8d:ae:b8:ef:d3:11:
                    dc:81:e6:cf:3b:96:8c:d6:6f:15:c6:77:7e:a1:2f:
                    e0:5f:92:b6:27:d7:76:9a:1d:43:3c:ea:d9:ec:2f:
                    ee:39:f3:6a:67:4b:8b:82:cf:22:f8:65:55:fe:2c:
                    cb:2f:7d:48:7a:3d:75:f9:aa:a0:27:bb:78:c2:06:
                    ca:51:c2:7e:66:4b:af:cd:a2:a7:4d:02:82:3f:82:
                    ac:85:c6:e1:0f:90:47:99:94:0a:71:72:93:2a:c9:
                    a6:c0:be:3c:56:4c:73:92:27:f1:6b:b5:f5:fd:fc:
                    30:05:60:92:c6:eb:96:7e:01:91:c2:69:b1:1e:1d:
                    7b:53:45:b8:dc:41:1f:c9:8b:71:d6:54:14:e3:8b:
                    54:78:3f:be:f4:62:3b:5b:f5:a3:ec:d5:92:74:e2:
                    74:30:ef:01:db:e1:d4:ab:99:9b:2a:6b:f8:bd:a6:
                    1c:86:23:42:5f:ec:49:de:9a:8b:5b:f4:72:3a:40:
                    c5:49:3e:a5:be:8e:aa:71:eb:6c:fa:f5:1a:e4:6a:
                    fd:7b:7d:55:40:ef:58:6e:e6:d9:d5:bc:24:ab:c1:
                    ef:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:https://rca.e-szigno.hu/ocsp
                CA Issuers - URI:http://www.e-szigno.hu/RootCA.crt

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.21528.2.1.1.1
                  CPS: http://www.e-szigno.hu/SZSZ/
                  User Notice:
                    Explicit Text: 

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www.e-szigno.hu/RootCA.crl
                  URI:ldap://ldap.e-szigno.hu/CN=Microsec%20e-Szigno%20Root%20CA,OU=e-Szigno%20CA,O=Microsec%20Ltd.,L=Budapest,C=HU?certificateRevocationList;binary

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                email:info, DirName:/CN=Microsec e-Szign\xC3\xB3 Root CA/OU=e-Szign\xC3\xB3 HSZ/O=Microsec Kft./L=Budapest/C=HU
            X509v3 Authority Key Identifier: 
                keyid:C7:A0:49:75:16:61:84:DB:31:4B:84:D2:F1:37:40:90:EF:4E:DC:F7
                DirName:/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA
                serial:CC:B8:E7:BF:4E:29:1A:FD:A2:DC:66:A5:1C:2C:0F:11

            X509v3 Subject Key Identifier: 
                C7:A0:49:75:16:61:84:DB:31:4B:84:D2:F1:37:40:90:EF:4E:DC:F7
    Signature Algorithm: sha1WithRSAEncryption
         d3:13:9c:66:63:59:2e:ca:5c:70:0c:fc:83:bc:55:b1:f4:8e:
         07:6c:66:27:ce:c1:3b:20:a9:1c:bb:46:54:70:ee:5a:cc:a0:
         77:ea:68:44:27:eb:f2:29:dd:77:a9:d5:fb:e3:d4:a7:04:c4:
         95:b8:0b:e1:44:68:60:07:43:30:31:42:61:e5:ee:d9:e5:24:
         d5:1b:df:e1:4a:1b:aa:9f:c7:5f:f8:7a:11:ea:13:93:00:ca:
         8a:58:b1:ee:ed:0e:4d:b4:d7:a8:36:26:7c:e0:3a:c1:d5:57:
         82:f1:75:b6:fd:89:5f:da:f3:a8:38:9f:35:06:08:ce:22:95:
         be:cd:d5:fc:be:5b:de:79:6b:dc:7a:a9:65:66:be:b1:25:5a:
         5f:ed:7e:d3:ac:46:6d:4c:f4:32:87:b4:20:04:e0:6c:78:b0:
         77:d1:85:46:4b:a6:12:b7:75:e8:4a:c9:56:6c:d7:92:ab:9d:
         f5:49:38:d2:4f:53:e3:55:90:11:db:98:96:c6:49:f2:3e:f4:
         9f:1b:e0:f7:88:dc:25:62:99:44:d8:73:bf:3f:30:f3:0c:37:
         3e:d4:c2:28:80:73:b1:01:b7:9d:5a:96:14:01:4b:a9:11:9d:
         29:6a:2e:d0:5d:81:c0:cf:b2:20:43:c7:03:e0:37:4e:5d:0a:
         dc:59:20:25

Comment 4 Kai Engert (:kaie) (inactive account) 2016-09-28 15:34:37 UTC

The certificate has expired, without any request to replace it.

We can wait for upstream to remove it, no further action seems necessary.

Closing.

Note You need to log in before you can comment on or make changes to this bug.