Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1343040 - capsule-certs-generate command is not honoring the "--ca-common-name" flag
Summary: capsule-certs-generate command is not honoring the "--ca-common-name" flag
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.1.8
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-06 11:52 UTC by Deepannagaraj Nagarathinam
Modified: 2020-07-16 08:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-25 21:21:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 16937 0 None None None 2016-10-14 13:44:10 UTC

Description Deepannagaraj Nagarathinam 2016-06-06 11:52:25 UTC
Description of problem:

Running the command capsule-certs-generate command with the "--ca-common-name" flag is not making the changes in the generated capsule certificate.

Version-Release number of selected component (if applicable):

- Red Hat Satellite v 6.1.9

How reproducible:

- Always

Steps to Reproduce:

1. Install a Satellite server with the hostname "satellite6-1.example.com".

2. Run the capsule certificate generate command as below.

------
# capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar ~/capsule.example.com-certs.tar --parent-fqdn satellite6-2.example.com --ca-common-name satellite6-2.example.com
------

Actual results:

- Capsule certificates are generated with the Satellite FQDN (satellite6-1.example.com).

Expected results:

- Capsule certificates should have the FQDN of the Satellite server hostname given in the command.

Additional info:

Comment 3 Stephen Benjamin 2016-10-14 13:44:08 UTC
Created redmine issue http://projects.theforeman.org/issues/16937 from this bug

Comment 4 Chris Roberts 2017-01-25 21:21:02 UTC
Fixed upstream:

Command:

[root@centos7 ~]# foreman-proxy-certs-generate --foreman-proxy-fqdn capsule.example.com --certs-tar /root/certs.tar --parent-fqdn centos7.example.com --ca-common-name centos7.example.com


Cert:

[root@centos7 capsule.example.com]# openssl x509 -in capsule.example.com-apache.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12862015082119411095 (0xb27f0e924171b597)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=centos7.example.com
        Validity
            Not Before: Jan 18 21:17:31 2017 GMT
            Not After : Jan 20 21:17:31 2037 GMT
        Subject: C=US, ST=North Carolina, O=Default_Organization, OU=SomeOrgUnit, CN=capsule.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bd:ee:4c:4c:fb:96:f9:00:b1:f9:af:b1:fb:1a:
                    16:b7:02:a9:d1:1b:f9:13:3a:b5:e2:3a:ca:0a:62:
                    26:d9:f4:00:af:e2:c6:a8:cc:f9:95:91:78:f8:e9:
                    5f:b5:73:0b:68:63:4c:40:21:83:b5:e1:b5:0f:cb:
                    e8:d3:2c:12:ec:f7:19:a6:90:be:12:3f:8c:2d:18:
                    1a:3c:b5:c1:ed:af:33:cb:f7:40:ac:37:e5:ff:8a:
                    ea:99:97:ae:35:2b:79:5b:98:b8:dd:e1:e0:a1:fe:
                    e8:e2:b6:45:97:a8:86:f5:fb:4c:3c:72:c2:13:5c:
                    2b:9e:fb:09:df:d2:91:e7:e3:da:77:60:90:a9:e2:
                    01:3c:fd:57:94:b8:f3:e2:da:80:be:6a:5b:57:b4:
                    be:77:57:ba:1f:73:4a:06:cb:61:91:bc:61:aa:5f:
                    96:71:9e:39:df:91:da:c8:5c:b0:5a:16:3a:ab:aa:
                    49:bf:73:26:14:79:bd:1b:1f:0a:1d:d5:b5:2c:56:
                    a7:ed:3a:e8:49:77:80:93:06:d2:04:92:d6:a4:04:
                    4c:42:69:39:34:6e:0e:14:6d:97:cd:ae:32:4f:d6:
                    cb:1b:c1:72:45:16:2a:97:f2:c1:a8:a3:05:7a:b0:
                    7e:b5:9f:12:db:5a:4c:49:f2:18:a0:c6:41:cc:16:
                    4d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                Katello SSL Tool Generated Certificate
            X509v3 Subject Key Identifier: 
                61:B5:9E:21:DD:6C:7C:DB:02:D7:8F:10:35:A4:12:9F:76:80:A7:B8
            X509v3 Authority Key Identifier: 
                keyid:B9:6F:DA:FF:E1:11:82:BD:84:6F:34:6C:B9:A3:88:95:2C:7B:D0:55
                DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=centos7.example.com
                serial:B2:7F:0E:92:41:71:B5:8A

            X509v3 Subject Alternative Name: 
                DNS:capsule.example.com
    Signature Algorithm: sha256WithRSAEncryption
         90:a3:d3:a7:cb:28:48:4b:75:f7:4a:cd:db:eb:d7:bd:1e:c4:
         97:65:1e:93:27:e4:7f:6c:f4:8d:a4:0c:a1:d5:5c:07:b3:f7:
         17:9b:99:e9:4d:89:ed:0f:dd:28:74:55:4b:41:56:b3:05:cb:
         2e:ea:46:ef:87:de:0e:82:7c:72:e2:d9:30:d8:15:75:1d:57:
         97:fb:2d:25:70:5b:a3:dc:01:86:16:5a:34:b4:35:5e:98:ac:
         2b:5f:e3:05:09:12:ee:9e:aa:6c:da:ae:f0:fd:90:70:17:7b:
         28:57:8e:31:b1:ef:53:71:55:ea:3f:e8:15:1e:aa:0b:80:1d:
         a4:bf:32:b6:ae:e5:73:56:24:49:c4:d1:6d:4e:05:48:1a:f9:
         d0:e6:10:07:c3:8d:ae:49:84:39:3e:a0:00:10:01:33:62:b9:
         f8:03:05:1c:e4:a4:6f:66:3f:14:18:d1:de:b1:86:ab:94:42:
         d7:09:20:07:a4:8f:b2:5d:39:b9:5a:49:e4:7d:f8:b7:ea:95:
         1d:62:04:da:cb:bd:43:2d:85:a7:37:be:bf:7e:e6:41:0d:8a:
         06:5d:8a:45:41:b9:8d:a2:6a:92:cb:40:6c:6f:76:42:16:43:
         b1:36:20:e5:f9:6f:85:f6:32:20:44:99:be:50:59:1b:95:e3:
         cb:07:8c:44

Marking this as CLOSED UPSTREAM


Note You need to log in before you can comment on or make changes to this bug.