Bug 1343040 - capsule-certs-generate command is not honoring the "--ca-common-name" flag
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.1.8
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-06-06 11:52 UTC by Deepannagaraj Nagarathinam
Modified: 2020-07-16 08:47 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-25 21:21:02 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 16937 0 None None None 2016-10-14 13:44:10 UTC

Description Deepannagaraj Nagarathinam 2016-06-06 11:52:25 UTC
Description of problem:

Running the capsule-certs-generate command with the "--ca-common-name" flag is not making the changes in the generated capsule certificate.

Version-Release number of selected component (if applicable):

- Red Hat Satellite v 6.1.9

How reproducible:

- Always

Steps to Reproduce:

1. Install a Satellite server with the hostname "satellite6-1.example.com".

2. Run the capsule certificate generate command as below.

------
# capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar ~/capsule.example.com-certs.tar --parent-fqdn satellite6-2.example.com --ca-common-name satellite6-2.example.com
------

Actual results:

- Capsule certificates are generated with the Satellite FQDN (satellite6-1.example.com).

Expected results:

- Capsule certificates should have the FQDN of the Satellite server hostname given in the command.

Additional info:

Comment 3 Stephen Benjamin 2016-10-14 13:44:08 UTC
Created redmine issue http://projects.theforeman.org/issues/16937 from this bug

Comment 4 Chris Roberts 2017-01-25 21:21:02 UTC
Fixed upstream:

Command:

[root@centos7 ~]# foreman-proxy-certs-generate --foreman-proxy-fqdn capsule.example.com --certs-tar /root/certs.tar --parent-fqdn centos7.example.com --ca-common-name centos7.example.com


Cert:

[root@centos7 capsule.example.com]# openssl x509 -in capsule.example.com-apache.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12862015082119411095 (0xb27f0e924171b597)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=centos7.example.com
        Validity
            Not Before: Jan 18 21:17:31 2017 GMT
            Not After : Jan 20 21:17:31 2037 GMT
        Subject: C=US, ST=North Carolina, O=Default_Organization, OU=SomeOrgUnit, CN=capsule.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                Katello SSL Tool Generated Certificate
            X509v3 Subject Key Identifier: 
                61:B5:9E:21:DD:6C:7C:DB:02:D7:8F:10:35:A4:12:9F:76:80:A7:B8
            X509v3 Authority Key Identifier: 
                keyid:B9:6F:DA:FF:E1:11:82:BD:84:6F:34:6C:B9:A3:88:95:2C:7B:D0:55
                DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=centos7.example.com
                serial:B2:7F:0E:92:41:71:B5:8A

            X509v3 Subject Alternative Name: 
                DNS:capsule.example.com
    Signature Algorithm: sha256WithRSAEncryption

Marking this as CLOSED UPSTREAM
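
A check that can be run after generating the certificates, as an added example (not part of the bug report or of the Katello tooling): it compares the issuer CN of the generated certificate, and the subject CN of the CA certificate, with the value passed to --ca-common-name. The function names and the throwaway CA built by make_sample are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or the Katello tooling).
# Function names and the throwaway CA below are assumptions for illustration.

# Print the commonName from a certificate's issuer or subject.
# $1 = issuer|subject, $2 = path to a PEM certificate
cert_cn() {
  openssl x509 -in "$2" -noout "-$1" -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Return 0 only when the generated certificate was issued by a CA whose
# common name is the one requested with --ca-common-name.
# $1 = generated certificate, $2 = CA certificate, $3 = requested CA common name
check_ca_common_name() {
  got_issuer=$(cert_cn issuer "$1")
  got_ca=$(cert_cn subject "$2")
  if [ "$got_issuer" != "$3" ]; then
    echo "MISMATCH: issuer CN '$got_issuer', requested '$3'" >&2
    return 1
  fi
  if [ "$got_ca" != "$3" ]; then
    echo "MISMATCH: CA subject CN '$got_ca', requested '$3'" >&2
    return 2
  fi
  echo "OK: issuer CN is '$got_issuer'"
}

# Build a short-lived CA and leaf certificate to exercise the check
# (constructed test data; real input would come from the certs tar file).
# $1 = output directory, $2 = CA common name, $3 = leaf common name
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Katello/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Default_Organization/CN=$3" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/leaf.csr" -days 1 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/leaf.crt" 2>/dev/null
}
```

A non-zero return from check_ca_common_name corresponds to the behaviour reported in this bug: the certificate was signed under a CA name other than the one requested.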

