Hide Forgot
Description of problem: The consumer certificate generated for a client in /etc/pki/consumer has a CN w/ the UUID, and a SAN containing the host name, but it is marked as a URI instead of DNS name. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Register a client to Satellite 2. Examine the consumer certificate w/ openssl x509 -text -noout -in /etc/pki/consumer/cert.pem Actual results: Certificate contains a Subject Alternative Name of a URI type X509v3 Subject Alternative Name: URI:CN=sat-rhel7.example.com Expected results: SAN is a DNS Name. Additional info: Standard says if using URI it should actually be a URI.
Verified with Sat 6.4 snap 22. The host name is not called URI anymore: # openssl x509 -text -noout -in /etc/pki/consumer/cert.pem | grep 'Subject Alternative' -A1 X509v3 Subject Alternative Name: DirName:/CN=f319450d-a8b7-4ebd-9fbb-9261cd342531, DirName:/CN=<FQDN>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927