Bug 1458055 - dont reuse IVs in the CMC code
Summary: dont reuse IVs in the CMC code
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Ade Lee
QA Contact: Asha Akkiangady
Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-06-01 22:03 UTC by Matthew Harmsen
Modified: 2020-10-04 21:31 UTC (History)

Fixed In Version: pki-core-10.4.1-9.el7
Doc Type: Enhancement
Doc Text:
CMC requests now use a random IV for AES and 3DES encryption
With this update, Certificate Management over CMS (CMC) requests in PKI Server use a randomly generated initialization vector (IV) when encrypting a key to be archived. Previously, the client and server code used a fixed IV in this scenario. The CMC client code has been enhanced, and as a result, using random IVs increases security when performing encryption for both Advanced Encryption Standard (AES) and Triple Data Encryption Algorithm (3DES).
Clone Of:
Environment:
Last Closed: 2017-08-01 22:52:53 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github dogtagpki pki issues 2842 0 None None None 2020-10-04 21:31:32 UTC
Red Hat Product Errata RHBA-2017:2110 0 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2017-08-01 19:36:59 UTC

Description Matthew Harmsen 2017-06-01 22:03:09 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/dogtagpki/issue/2722

Don't reuse IVs in the CMC code.  It's bad ju-ju!

Comment 3 Ade Lee 2017-06-09 00:24:59 UTC
commit 5bf30f2f6a52b7164ba31ab12ed2317b2c572610
Author: Ade Lee <alee>
Date:   Thu Jun 8 16:08:30 2017 -0400

    Stop using hardcoded IV in CMC
    
    Bugzilla #BZ 1458055
    
    Change-Id: I229d7f18c46f0b55ec83f051614de1b59e125b82
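
Why a hardcoded IV matters for the `AES/CBC/PKCS5Padding` wrap used in the test steps further down, as an added example (this is not the pki-core code or the commit's contents). It uses the standard `javax.crypto` classes; the class name `CbcIvReuseDemo`, the `FIXED_IV` value and both sample plaintexts are constructed for illustration. With a fixed IV, two plaintexts that share leading bytes produce identical leading ciphertext blocks under the same key, and equal plaintexts produce equal ciphertexts; a fresh random IV per encryption removes both leaks.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CbcIvReuseDemo {
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding";
    private static final int BLOCK = 16; // AES block size in bytes
    // Constructed placeholder IV (all zero bytes), standing in for "a hardcoded IV".
    private static final byte[] FIXED_IV = new byte[BLOCK];
    private static final SecureRandom RNG = new SecureRandom();

    // "Before": every encryption under this key starts from the same IV.
    static byte[] encryptFixedIv(SecretKey key, byte[] pt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(FIXED_IV));
        return c.doFinal(pt);
    }

    // "After": a fresh random IV per encryption, sent alongside the ciphertext.
    // The IV is not secret; it only has to be unpredictable and never reused.
    static byte[] encryptRandomIv(SecretKey key, byte[] pt) throws GeneralSecurityException {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(pt);
        byte[] out = new byte[BLOCK + ct.length];
        System.arraycopy(iv, 0, out, 0, BLOCK);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out; // layout: IV || ciphertext
    }

    // Receiver side for the random-IV format: read the IV from the first block.
    static byte[] decrypt(SecretKey key, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCt, 0, BLOCK));
        return c.doFinal(ivAndCt, BLOCK, ivAndCt.length - BLOCK);
    }

    // Number of identical leading 16-byte blocks: what a passive observer can compare.
    static int sharedLeadingBlocks(byte[] a, byte[] b) {
        int blocks = Math.min(a.length, b.length) / BLOCK;
        int i = 0;
        while (i < blocks && Arrays.equals(
                Arrays.copyOfRange(a, i * BLOCK, (i + 1) * BLOCK),
                Arrays.copyOfRange(b, i * BLOCK, (i + 1) * BLOCK))) {
            i++;
        }
        return i;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed sample plaintexts: the same 32-byte header, different 16-byte tails.
        byte[] p1 = new byte[48];
        byte[] p2 = new byte[48];
        Arrays.fill(p1, 0, 32, (byte) 0x41);
        Arrays.fill(p2, 0, 32, (byte) 0x41);
        Arrays.fill(p1, 32, 48, (byte) 0x01);
        Arrays.fill(p2, 32, 48, (byte) 0x02);

        // Fixed IV: the shared header is visible as two identical ciphertext blocks,
        // and encrypting the same plaintext twice yields the same bytes.
        byte[] f1 = encryptFixedIv(key, p1);
        byte[] f2 = encryptFixedIv(key, p2);
        System.out.println("fixed IV, shared leading blocks:  " + sharedLeadingBlocks(f1, f2));
        System.out.println("fixed IV, same plaintext repeats: "
                + Arrays.equals(f1, encryptFixedIv(key, p1)));

        // Random IV: outputs differ from the first block on, even for equal plaintexts.
        byte[] r1 = encryptRandomIv(key, p1);
        byte[] r2 = encryptRandomIv(key, p2);
        System.out.println("random IV, shared leading blocks: " + sharedLeadingBlocks(r1, r2));
        System.out.println("random IV, same plaintext repeats: "
                + Arrays.equals(r1, encryptRandomIv(key, p1)));

        // The receiver still decrypts correctly because the IV travels with the data.
        System.out.println("random IV round trip ok: " + Arrays.equals(p1, decrypt(key, r1)));
    }
}
```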

Comment 5 Geetika Kapoor 2017-06-22 09:55:17 UTC
Could you please share some testing steps for this Bugzilla.
Thanks!!

Comment 6 Christina Fu 2017-06-22 21:16:00 UTC
The randomized IVs are inherent in the code so there is no special config or anything.  Just do the CMC EncryptedPOP DecryptedPOP as exampled here:
http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#User-signed_CMC_request_Without_POP_.28Encrypted_POP_.2F_Decrypted_POP.29

then you are exercising the code in this bug.

Comment 7 Geetika Kapoor 2017-06-27 19:38:26 UTC
Test build:

rpm -qa pki-ca
pki-ca-10.4.1-10.el7.noarch

Test Steps:

[root@pki1 certs_db]# CRMFPopClient -d . -p SECret.123 -n "cn=Test11, uid=Testing, ou=test" -q POP_NONE -b kra.transport  -w "AES/CBC/PKCS5Padding" -v -o  user-signed/crmf2.req
Initializing security database: .
Loading transport certificate
Parsing subject DN
RDN: OU=test
RDN: UID=Testing
RDN: CN=Test11
Generating key pair
Keypair private key id: -a2c7a2c613c6429defbb108dba85cdedb27522a
Using key wrap algorithm: AES/CBC/PKCS5Padding
Creating certificate request
Creating CRMF request
Storing CRMF requrest into user-signed/crmf2.req
[root@pki1 certs_db]# vi user-signed/cmc-crmf-EncryptedPOP.cfg
[root@pki1 certs_db]# vi user-signed/cmc-crmf-DecryptedPOP.cfg
[root@pki1 certs_db]# CMCRequest  user-signed/cmc-crmf-EncryptedPOP.cfg

cert/key prefix = 
path = /opt/rhqa_pki/certs_db/
CryptoManger initialized
token internal logged in...
got signerCert: user_geetika
createPKIData: begins
k=0
createPKIData:  format: crmf
identification control: identification =testuser
Successfully create identification control. bpid = 1

selfSign is false...
signData: begins: 
getPrivateKey: got signing cert
signData:  got signer privKey
createSignedData: begins
getSigningAlgFromPrivate: begins.
getSigningAlgFromPrivate: found signingKeyType=RSA
getSigningAlgFromPrivate: using SignatureAlgorithm: RSASignatureWithSHA256Digest
createSignedData: digest created for pkidata
createSignedData: digest algorithm =RSA
createSignedData: building cert chain
signData: signed request generated.
getCMCBlob: begins
getCMCBlob: generating signed data

The CMC enrollment request in base-64 encoded format:




The CMC enrollment request in binary format is stored in user-signed/cmc2.req.
[root@pki1 certs_db]# HttpClient user-signed/HttpClient-cmc-crmf-EncryptedPOP.cfg

Total number of bytes read = 4507
after SSLSocket created, thread token is NSS FIPS 140-2 User Private Key
client cert is not null
handshake happened
writing to socket
Total number of bytes read = 4143


The response in binary format is stored in user-signed/cmcResp2-round1

[root@pki1 certs_db]# CMCResponse -d . -i user-signed/cmcResp2-round1
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 7, 2017 12:14:15 PM EDT America/New_York
                Not  After: Sunday, June 7, 2037 12:14:15 PM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
        FingerPrint
            MD2:
                14:1A:7B:AF:60:17:19:B0:FD:1B:1B:E2:5F:41:A3:6E
            MD5:
                2B:E4:D0:7B:91:FA:A0:E4:1D:29:AE:A7:92:33:C1:48
            SHA-1:
                47:AB:4E:9E:C9:FF:82:D2:CB:D5:32:F9:88:DF:78:66:
                2E:2F:A9:B9
            SHA-256:
                39:30:9C:47:C7:23:F0:6C:1C:3C:47:57:BC:27:91:B7:
                30:74:0B:B9:DC:92:31:8A:65:D7:7D:06:FE:17:61:C3
            SHA-512:
                03:03:91:47:B0:00:9D:E7:3B:54:B0:A1:62:BB:A6:0A:
                D4:30:A0:6F:CC:F5:F8:3F:ED:D4:B1:B0:0E:B3:9E:61:
                6E:77:6D:96:51:39:37:54:1E:79:80:51:61:4C:01:E2:
                50:D7:14:F5:9D:6C:AE:D0:1F:5C:11:27:86:3A:F5:99


Number of controls is 2
Control #0: CMC encrypted POP
   OID: {1 3 6 1 5 5 7 7 9}
after encryptedPOP encode
Control #1: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 1 
   OtherInfo type: PEND
PendInfo present...processing...
   Date: 28/Jun/2017:01:45:50 EDT
   Pending request id: 148
[root@pki1 certs_db]# CMCRequest user-signed/cmc-crmf-DecryptedPOP.cfg

cert/key prefix = 
path = /opt/rhqa_pki/certs_db/
CryptoManger initialized
token internal logged in...
got signerCert: user_geetika
got request privKeyId: -a2c7a2c613c6429defbb108dba85cdedb27522a
got private key
processEncryptedPopResponse:  begins.
processEncryptedPopResponse:  previous response read.
processEncryptedPopResponse: Number of controls is 2
processEncryptedPopResponse: Control #0: CMC encrypted POP
processEncryptedPopResponse:    OID: {1 3 6 1 5 5 7 7 9}
processEncryptedPopResponse: encryptedPOP decoded successfully
processEncryptedPopResponse: Control #1: CMCStatusInfo
processEncryptedPopResponse:    OID: {1 3 6 1 5 5 7 7 1}
processEncryptedPopResponse:    BodyList: 1 
processEncryptedPopResponse:    OtherInfo type: PEND
processEncryptedPopResponse: PendInfo present...processing...
processEncryptedPopResponse:    Date: 28/Jun/2017:01:45:50 EDT
processEncryptedPopResponse:    Pending request id: 148
processEncryptedPopResponse:  what we expected, as encryptedPOP.enable is true;
processEncryptedPopResponse: ends
constructDecryptedPopRequest: begins
constructDecryptedPopRequest:  previous response parsed.
constructDecryptedPopRequest: symKey unwrapped.
constructDecryptedPopRequest: challenge decrypted.
CryptoUtil: getNameFromHashAlgorithm: {2 16 840 1 101 3 4 2 1}
constructDecryptedPopRequest: Yay! witness verified
constructDecryptedPopRequest: calculating POP Proof Value
constructDecryptedPopRequest: constructing DecryptedPOP...
constructDecryptedPopRequest: DecryptedPOP constructed successfully
constructDecryptedPopRequest: adding decryptedPop control
constructDecryptedPopRequest: decryptedPop control added
constructDecryptedPopRequest:  completes.
selfSign is false...
signData: begins: 
getPrivateKey: got signing cert
signData:  got signer privKey
createSignedData: begins
getSigningAlgFromPrivate: begins.
getSigningAlgFromPrivate: found signingKeyType=RSA
getSigningAlgFromPrivate: using SignatureAlgorithm: RSASignatureWithSHA256Digest
createSignedData: digest created for pkidata
createSignedData: digest algorithm =RSA
createSignedData: building cert chain
signData: signed request generated.
getCMCBlob: begins
getCMCBlob: generating signed data

The CMC enrollment request in base-64 encoded format:




The CMC enrollment request in binary format is stored in cmc.decreyptedPOP.response.
[root@pki1 certs_db]# HttpClient user-signed/HttpClient-crmf-DecryptedPOP.cfg

Total number of bytes read = 4568
after SSLSocket created, thread token is NSS FIPS 140-2 User Private Key
client cert is not null
handshake happened
writing to socket
Total number of bytes read = 2587


The response in binary format is stored in user-signed/cmcResp2-round2

[root@pki1 certs_db]# CMCResponse -d . -i  user-signed/cmcResp2-round2
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x4ADDBA4
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 28, 2017 1:45:50 AM EDT America/New_York
                Not  After: Monday, December 25, 2017 1:45:50 AM EST America/New_York
            Subject: CN=Test11,UID=Testing,OU=test
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key Encipherment 
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no 
                    Extended Key Usage: 
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
        FingerPrint
            MD2:
                79:74:39:C5:49:FE:10:32:F4:65:8D:47:F2:35:CC:3E
            MD5:
                BE:70:C7:C9:CE:C5:63:60:CE:E4:62:70:AE:01:D4:D9
            SHA-1:
                5E:C7:B9:94:6B:65:F9:96:48:0B:5F:DE:16:DA:04:11:
                52:85:0D:2E
            SHA-256:
                41:90:7E:E1:C5:55:56:64:3D:9A:F2:5B:63:97:B5:5F:
                69:7E:A9:FE:96:5D:55:E5:83:E6:51:D7:1F:FF:88:5B
            SHA-512:
                8C:B6:CC:BF:95:3E:73:54:C5:98:8F:DC:F3:81:EB:AD:
                AD:D8:5C:38:D6:D5:D5:68:EB:66:B2:E6:6D:8B:AF:5E:
                86:B1:0F:FF:49:3F:B5:C5:0B:7E:10:D3:F0:B0:17:67:
                0A:3B:75:7B:52:8F:04:84:62:49:7F:09:7A:8A:7E:95
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 7, 2017 12:14:15 PM EDT America/New_York
                Not  After: Sunday, June 7, 2037 12:14:15 PM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
        FingerPrint
            MD2:
                14:1A:7B:AF:60:17:19:B0:FD:1B:1B:E2:5F:41:A3:6E
            MD5:
                2B:E4:D0:7B:91:FA:A0:E4:1D:29:AE:A7:92:33:C1:48
            SHA-1:
                47:AB:4E:9E:C9:FF:82:D2:CB:D5:32:F9:88:DF:78:66:
                2E:2F:A9:B9
            SHA-256:
                39:30:9C:47:C7:23:F0:6C:1C:3C:47:57:BC:27:91:B7:
                30:74:0B:B9:DC:92:31:8A:65:D7:7D:06:FE:17:61:C3
            SHA-512:
                03:03:91:47:B0:00:9D:E7:3B:54:B0:A1:62:BB:A6:0A:
                D4:30:A0:6F:CC:F5:F8:3F:ED:D4:B1:B0:0E:B3:9E:61:
                6E:77:6D:96:51:39:37:54:1E:79:80:51:61:4C:01:E2:
                50:D7:14:F5:9D:6C:AE:D0:1F:5C:11:27:86:3A:F5:99


Number of controls is 1
Control #0: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 1 
   Status: SUCCESS


2. verify on CA EE page.

	
	
Request: 	148
Submitted on: 	6/28/2017 11:15:50
Status: 	complete
Issued certificate: 	0x04addba4

Comment 9 Ade Lee 2017-07-26 16:04:35 UTC
Doc text looks good.

Comment 10 errata-xmlrpc 2017-08-01 22:52:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2110

