Bug 1458055 - dont reuse IVs in the CMC code
Summary: dont reuse IVs in the CMC code
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Ade Lee
QA Contact: Asha Akkiangady
Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-01 22:03 UTC by Matthew Harmsen
Modified: 2017-08-01 22:52 UTC (History)
9 users (show)

Fixed In Version: pki-core-10.4.1-9.el7
Doc Type: Enhancement
Doc Text:
CMC requests now use a random IV for AES and 3DES encryption With this update, Certificate Management over CMS (CMC) requests in PKI Server use a randomly generated initialization vector (IV) when encrypting a key to be archived. Previously, the client and server code used a fixed IV in this scenario. The CMC client code has been enhanced, and as a result, using random IVs increase security when performing encryption for both Advanced Encryption Standard (AES) and Triple Data Encryption Algorithm (3DES).
Clone Of:
Environment:
Last Closed: 2017-08-01 22:52:53 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2110 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2017-08-01 19:36:59 UTC

Description Matthew Harmsen 2017-06-01 22:03:09 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/dogtagpki/issue/2722

dont reuse IVs in the CMC code.  Its bad ju-ju!

Comment 3 Ade Lee 2017-06-09 00:24:59 UTC
commit 5bf30f2f6a52b7164ba31ab12ed2317b2c572610
Author: Ade Lee <alee@redhat.com>
Date:   Thu Jun 8 16:08:30 2017 -0400

    Stop using hardcoded IV in CMC
    
    Bugzilla #BZ 1458055
    
    Change-Id: I229d7f18c46f0b55ec83f051614de1b59e125b82

Comment 5 Geetika Kapoor 2017-06-22 09:55:17 UTC
Could you please share some testing steps for this Bugzilla.
Thanks!!

Comment 6 Christina Fu 2017-06-22 21:16:00 UTC
The randomized IVs are inherent in the code so there is no special config or anything.  Just do the CMC EncryptedPOP DecryptedPOP as exampled here:
http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#User-signed_CMC_request_Without_POP_.28Encrypted_POP_.2F_Decrypted_POP.29

then you are exercising the code in this bug.

Comment 7 Geetika Kapoor 2017-06-27 19:38:26 UTC
Test build:

rpm -qa pki-ca
pki-ca-10.4.1-10.el7.noarch

Test Steps:

[root@pki1 certs_db]# CRMFPopClient -d . -p SECret.123 -n "cn=Test11, uid=Testing, ou=test" -q POP_NONE -b kra.transport  -w "AES/CBC/PKCS5Padding" -v -o  user-signed/crmf2.req
Initializing security database: .
Loading transport certificate
Parsing subject DN
RDN: OU=test
RDN: UID=Testing
RDN: CN=Test11
Generating key pair
Keypair private key id: -a2c7a2c613c6429defbb108dba85cdedb27522a
Using key wrap algorithm: AES/CBC/PKCS5Padding
Creating certificate request
Creating CRMF request
Storing CRMF requrest into user-signed/crmf2.req
[root@pki1 certs_db]# vi user-signed/cmc-crmf-EncryptedPOP.cfg
[root@pki1 certs_db]# vi user-signed/cmc-crmf-DecryptedPOP.cfg
[root@pki1 certs_db]# CMCRequest  user-signed/cmc-crmf-EncryptedPOP.cfg

cert/key prefix = 
path = /opt/rhqa_pki/certs_db/
CryptoManger initialized
token internal logged in...
got signerCert: user_geetika
createPKIData: begins
k=0
createPKIData:  format: crmf
identification control: identification =testuser
Successfully create identification control. bpid = 1

selfSign is false...
signData: begins: 
getPrivateKey: got signing cert
signData:  got signer privKey
createSignedData: begins
getSigningAlgFromPrivate: begins.
getSigningAlgFromPrivate: found signingKeyType=RSA
getSigningAlgFromPrivate: using SignatureAlgorithm: RSASignatureWithSHA256Digest
createSignedData: digest created for pkidata
createSignedData: digest algorithm =RSA
createSignedData: building cert chain
signData: signed request generated.
getCMCBlob: begins
getCMCBlob: generating signed data

The CMC enrollment request in base-64 encoded format:

MIIRlwYJKoZIhvcNAQcCoIIRiDCCEYQCAQMxDzANBglghkgBZQMEAgEFADCCB8QG
CCsGAQUFBwwCoIIHtgSCB7IwggeuMBswGQIBAQYIKwYBBQUHBwIxCgwIdGVzdHVz
ZXIwggeJoYIHhTCCB4ECAQEwggFmgAECpTswOTENMAsGA1UECxMEdGVzdDEXMBUG
CgmSJomT8ixkAQETB1Rlc3RpbmcxDzANBgNVBAMTBlRlc3QxMaaCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALEP9SkCK54FRtfQZ7bg0551ziECC4RDHwBv
1mfW9d+NWiEMPM6h49rVnp+WQt1dqDn/PiJw6GVkL8U8O92/ECa9OjNPGMwWN5nO
2CFN5IJpCCFdkL9Um6M7W1yjglERSLXYCvJmvyYFUYQm+bBG18JVV/tUEqc71yrj
yHJq54qW+C8lluLnxxc513lJD3jBNyGHYI3KyhkiGrpPfB6HsSmHb/OAQG26kqN3
Gg290XsDVYnoDwERXWe5UDf4ckzOpBSC8kD+l/em5EbztbI5JjiOgN97Y+TxL/8+
981UMcBbNfJXZJBnz+3LqkK22mxPs4Mnf5OofuxLMhOiZGj5vJUCAwEAATCCBhAw
ggYMBgkrBgEFBQcFAQSgggX9MIIF+aEdBglghkgBZQMEAQIEEGGF9kHA/oE/upbD
PJP2tq2CggEBAJMetqldyvs3fKq02da+Q8KJHnIQJQYGNIi10HawHPWR/NsXK9K+
ccGPxe/21WF84mJFXbziWYwqkFYTKqR/xvH5F5Z+howtDy9esVRppeBqDsEhDW+K
U5JadQfmnAwSW3CJbp5gu7cByGhTWJdtIGMWfvLDU5tFZ1XRzNtCG4sKeNrzUTTl
Yg9b26FaCPz0czAsjrzacioXxUA+eQSzxSL7z9PLcRy4SHTJhhnAdyFY3QxjXGGL
jBBUMMKnc5pbAsqqwRQTK85xu49e08iVyI7e0EE4rf97KXfVilqJ+cbAPhE5I0jn
P79X6HulOkMy+n7vcIZr/i83EcGHn9OrnHEDggTRAGgbGIFr9LdgYXTVcjyRmaLp
kAUazx0CAnV856Y8AfCALTZNffDlYQa2W0tQekbHmH06vsvvij4VL3KhMcpPcHWe
JIUFc7jf0GT79t5/w+konmTsYD6UYwWyCiSzMqDMesQmpWe0ql1dOMftk/isULK1
rNTez9ONv0kI25hlhK0xmbu2DepiXirUMS/AV/7YxpUAibHp6sPzqq6l1Lz66YiD
E8f9aGbWhs5r2k3iTgenqy3vFS65zZ6kuNG/XAy7ICCivxd+DWR0f3hj4z6vlmNM
JXNu1I+vXp+3/h0+itbgpky+uM6AYsSXqUxm4Jx5oFKD0AsaUpM974rhnWyKijIN
j0cGn/HVmi+6QW0vy21oESfWbgc9GJfhUhsPH30k3ymrp2pjSbIq3tx/VZ5vBu6N
PuLAqA6Mw0BTBCCx7mM5W6d9CBuyzBetba+VhyozLEcYGW7Ob1EwLcIWTyttZJ7y
Mm+8MOoCQi6Soe54ml0aMjwmyjjm7llnLlvBXsB/gFk2H38tb9R3UBkx6g1EZFvi
80JqcN+odvQvwEI7ZlYZdZ4KNIqx0PcWch8sNArjSvgQByBKta3UfjeUXyvB4rFd
bER+jn3TxKfEAEWPkSqI6dG2BuA3Hy9vNShfzdbLbmzg8yrXHehuyx05hWfEChj2
Oxb+Zt+2qWnfa2Ab7wNFmoRIcJyCo+6EP9b5W0A6gic/o08UhhfWRj/jmqAz6k6H
Y5yTu/JjVqKupK7WFlUBASqTugkfHLbI8QrqLwsZ5T9PTeVhxA9akEvoOWGUUFUQ
ktq/ULMjcUoUZgBnWqqg5ass03mXB33HRWtOIqNz6RjStRnv3gZ8hABxUuINatrr
+DWBBkpZHpfZZfDf55yUJz1FwTvN05y9YoEXALuIJo0UbW0Gaa6FdRXCS+cbatxu
xvZxt0Ba7H/ciKAMhHPUozDkS1zZyuP5xQ9vvvbq24Y4BZbNaNGD+6Jhum1rhai1
Q7QHXyCB3+WMkjPUoBjBthFO1JGPE8A8uK14m7Ix02qK5/3moM4ryU/Bz0BlS0/A
uiZ5psjGTQ85GcKOr8y14XUZrg2sEN941aHDok9Kz4nXSQbb7LdB24VlxN4jKrye
ekH/0P0AUO66nMdZ4Y15cY9koPvjp27aXorwLngz50hIEROtsfjYzQXsIZoJSjzd
x0rX4Oi+BwpQy3OCGoTlBE/yS0SIjOeeJwbU1FbqtiEsv8WeeUrvIp+MrP9FsTfb
R9VaRsEJu1mYRWOaotARuFo12PusntWhgPN8eOHoZI0ZfpveMtekE9DLPBX4HWuH
3ur06zt8+ZNpSVfzE2XdiFx0lW7cXMPlKj38vJBjgRQMTtGy5YNFRTXD4JE7E1zl
QxFf9UGvrkZGXfhjY3sm1kprPfSZC/u5w3pmwxHAfgHTWyyMOMtotKwGx4CmRC64
XA1sb+MVsa+UbjDYtkOQtu7TJ6lUycv7J5wddYizL74ZWthXoPNQLTmTQA4JkbnT
YPHYC8B5Sg4AgRrgZbw4qWT2hlsgTUUiX3WBnUfgpkxiCHFK8zNsOO6Nne4XbGFn
cfUdGrRTdRTXgkJ5nWCvkySmXfB64LrVuk0RfQpF0g9j719zf1dL7DymJANunbUP
XkTULmCPU7HZXmYbMPuUMAAwAKCCB8EwggPGMIICrqADAgECAggYABgAGAAYCTAN
BgkqhkiG9w0BAQ0FADBcMR8wHQYDVQQKDBZFeGFtcGxlLVRlc3QtcmhlbC1maXBz
MRgwFgYDVQQLDA9wa2ktUm9vdENBLUNNQzMxHzAdBgNVBAMMFkNBIFNpZ25pbmcg
Q2VydGlmaWNhdGUwHhcNMTcwNjI3MDk1MjE3WhcNMTcxMjI0MTA1MjE3WjA5MQ0w
CwYDVQQLEwR0ZXN0MRcwFQYKCZImiZPyLGQBARMHVGVzdGluZzEPMA0GA1UEAxMG
VGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZKUEL81DFnH
7aBRot/U2H11APHdFjQDptYIpRF6CFi9iBpKOdMv/h7jpqrPP7ynWgqwoBFBnygk
YH6f/ANsaWvmP1L4CkypvBzTxLBWUVQ7OhXfO7qR4TwyiJw/qLvaGzkcl6hg9LsB
m37hneNjcOGDESAzQgiy7tG7bDfcklQrpSIOV1bYJdpOrVf86c4v4U0Up4FX2UBY
VVme5wpleki/h1sbAVqyJ8UGlVgoF9agifslHs+QoYjnor9OLQ0qX+q2Qapp7fqT
6bVAgznHw/7rvfMRMuSHpAt7SuYfldEaHKbtnQwAAG9wwgiCCD4keT8yzPYTOl+a
bm65rdulxwIDAQABo4GuMIGrMB8GA1UdIwQYMBaAFLrShcsVxSboEFFL8E/BSBCk
UN+CMFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAYY9aHR0cDovL2NzcWE0LWd1
ZXN0MDQuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206MjUwODAvY2Evb2NzcDAO
BgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G
CSqGSIb3DQEBDQUAA4IBAQCm+xSlktVNhpgZv8Sok9nC9obAZetlwJLYAfLTOvoO
4//qbily9ZZWrHnfO2DyZpwbOFLPh5PEU/SD4RInchgMAx/BjRs2I1AxN0PDWJwe
YSpOGPutTlwv/FxYHP5jVwP3P0XW+bb/fo8eQpkWlaAZFgbwtmnlKb1yY56rLs7+
i46nrMPJUOY0LjNfdwTQRFq2fWFffd1+G/chFIbBMc/0U+mmvRBSkOTxa9DBMg5j
XCg3wvHX81NWls7b6yJg024GmA66DWWKen39hYt5Fn2pfRCFb3vBHHcF4wDmI9Sp
0xWfX7FC4pkJofvrDj4fk6IABnpGK7LEK1LDEJGkDmqBMIID8zCCAtugAwIBAgIB
ATANBgkqhkiG9w0BAQ0FADBcMR8wHQYDVQQKDBZFeGFtcGxlLVRlc3QtcmhlbC1m
aXBzMRgwFgYDVQQLDA9wa2ktUm9vdENBLUNNQzMxHzAdBgNVBAMMFkNBIFNpZ25p
bmcgQ2VydGlmaWNhdGUwHhcNMTcwNjA3MTYxNDE1WhcNMzcwNjA3MTYxNDE1WjBc
MR8wHQYDVQQKDBZFeGFtcGxlLVRlc3QtcmhlbC1maXBzMRgwFgYDVQQLDA9wa2kt
Um9vdENBLUNNQzMxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+X0+h1rnkLh5AwxNV0tW612hQ
HWMfXhqrF3ekX4ikSqw+PO58V63CuLyNf0WhIBqCW2elpZVt5Olq3vEeXySjCFeO
3TH0MQNC4cfFntACkDx0cimzAALOUNP0VhTmqY0AHzfj52OvfX+XZ6EQ6DgLaVcQ
pEdFR9pR2lILSunPnqa77zRKOX1XogGn0nStfqiDIEIlx6uCaDqS4YbpEnRSrTzR
AisIERpVamCj6e7LEsJIsCnkekt6oSAdbqOnhNPtTJJAm8uW6uL/8UFyZ5BM9hC8
BBxuyNDUwNK5hHyEeBsMeSDnTN8wRvihAsKr2GLM8XlNWAV3/UEo++e7AjPHAgMB
AAGjgb8wgbwwHwYDVR0jBBgwFoAUutKFyxXFJugQUUvwT8FIEKRQ34IwDwYDVR0T
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFLrShcsVxSboEFFL
8E/BSBCkUN+CMFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAYY9aHR0cDovL2Nz
cWE0LWd1ZXN0MDQuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206MjUwODAvY2Ev
b2NzcDANBgkqhkiG9w0BAQ0FAAOCAQEAZd9zih/CNIM6YJeMs9LO2HJUT80dxvCB
FvOKyAwEXtg3VLiOBgO61WD08gXxxklUEPuOJxkaH4n1LKMKvAAgwhrj1L9d2Ka9
8Yv35XnOam3K4XM3tOJ1lbVuW+IISiLv03RvFx6SL+uYZKtm3K6nSf63aO8Q0VUz
tYpUJC52BGWlSkjuIaR+bJvmf/K3tWmI45LD4aIjN0kf7r3Wsl1bvUuY0ohesTOO
50D9BRmnE/tN9fVLQcxhxB8/KNrOuRJTHITDvmU48VJToIa/We0MNzwd4VU162J1
JvmBkbokLk5D3KAMKC0Fp6tMtKQitpeJgPn8L6FOQG58sLMhSKKlfzGCAd8wggHb
AgEDMGgwXDEfMB0GA1UECgwWRXhhbXBsZS1UZXN0LXJoZWwtZmlwczEYMBYGA1UE
CwwPcGtpLVJvb3RDQS1DTUMzMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmlj
YXRlAggYABgAGAAYCTANBglghkgBZQMEAgEFAKBKMBcGCSqGSIb3DQEJAzEKBggr
BgEFBQcMAjAvBgkqhkiG9w0BCQQxIgQgc4qxU3EvEn3ruB+Ho8rcE8WPZaGQu6XF
PrQx7W6Rm9owDQYJKoZIhvcNAQEBBQAEggEAs/37iwqQl5Ph8DqqnG47km/bc4Gn
5CgGPO/LLSlJ6u/MiYP+e/CTdnMIjuBQVJ9pFI+DYmK2k/gvmy6CphX2ccaN2MUQ
lD5HBwgsTR6yOSDBdkO50QPk59fIujhIuUMzwMQAgv3VnZ5sBiTza/wwEvEEUiuk
7KACDvIrmSRcW8w92Gxe5K/7VBv5NsALNEdb/63h052wPV06Alp1wZ4FN1XGJRTg
ieviOFobNt/ckGE121gL+SZiRm30p5+2l8Gh2FaUbNDn0y08VicFtz5TcNzw0hkP
OW/anNmXdF4KJfQTNk2k+czEoRlg8xQd7cl/AD8GdGvCWydU6XL6fJ4YZg==



The CMC enrollment request in binary format is stored in user-signed/cmc2.req.
[root@pki1 certs_db]# HttpClient user-signed/HttpClient-cmc-crmf-EncryptedPOP.cfg

Total number of bytes read = 4507
after SSLSocket created, thread token is NSS FIPS 140-2 User Private Key
client cert is not null
handshake happened
writing to socket
Total number of bytes read = 4143
MIIQKwYJKoZIhvcNAQcCoIIQHDCCEBgCAQMxDzANBglghkgBZQMEAgMFADCCCgkG
CCsGAQUFBwwDoIIJ+wSCCfcwggnzMIIJ6zCCCbQCAQEGCCsGAQUFBwcJMYIJozCC
CZ+hggeFMIIHgQIBATCCAWaAAQKlOzA5MQ0wCwYDVQQLEwR0ZXN0MRcwFQYKCZIm
iZPyLGQBARMHVGVzdGluZzEPMA0GA1UEAxMGVGVzdDExpoIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAsQ/1KQIrngVG19BntuDTnnXOIQILhEMfAG/WZ9b1
341aIQw8zqHj2tWen5ZC3V2oOf8+InDoZWQvxTw73b8QJr06M08YzBY3mc7YIU3k
gmkIIV2Qv1SboztbXKOCURFItdgK8ma/JgVRhCb5sEbXwlVX+1QSpzvXKuPIcmrn
ipb4LyWW4ufHFznXeUkPeME3IYdgjcrKGSIauk98HoexKYdv84BAbbqSo3caDb3R
ewNViegPARFdZ7lQN/hyTM6kFILyQP6X96bkRvO1sjkmOI6A33tj5PEv/z73zVQx
wFs18ldkkGfP7cuqQrbabE+zgyd/k6h+7EsyE6JkaPm8lQIDAQABMIIGEDCCBgwG
CSsGAQUFBwUBBKCCBf0wggX5oR0GCWCGSAFlAwQBAgQQYYX2QcD+gT+6lsM8k/a2
rYKCAQEAkx62qV3K+zd8qrTZ1r5DwokechAlBgY0iLXQdrAc9ZH82xcr0r5xwY/F
7/bVYXziYkVdvOJZjCqQVhMqpH/G8fkXln6GjC0PL16xVGml4GoOwSENb4pTklp1
B+acDBJbcIlunmC7twHIaFNYl20gYxZ+8sNTm0VnVdHM20Ibiwp42vNRNOViD1vb
oVoI/PRzMCyOvNpyKhfFQD55BLPFIvvP08txHLhIdMmGGcB3IVjdDGNcYYuMEFQw
wqdzmlsCyqrBFBMrznG7j17TyJXIjt7QQTit/3spd9WKWon5xsA+ETkjSOc/v1fo
e6U6QzL6fu9whmv+LzcRwYef06uccQOCBNEAaBsYgWv0t2BhdNVyPJGZoumQBRrP
HQICdXznpjwB8IAtNk198OVhBrZbS1B6RseYfTq+y++KPhUvcqExyk9wdZ4khQVz
uN/QZPv23n/D6SieZOxgPpRjBbIKJLMyoMx6xCalZ7SqXV04x+2T+KxQsrWs1N7P
042/SQjbmGWErTGZu7YN6mJeKtQxL8BX/tjGlQCJsenqw/OqrqXUvPrpiIMTx/1o
ZtaGzmvaTeJOB6erLe8VLrnNnqS40b9cDLsgIKK/F34NZHR/eGPjPq+WY0wlc27U
j69en7f+HT6K1uCmTL64zoBixJepTGbgnHmgUoPQCxpSkz3viuGdbIqKMg2PRwaf
8dWaL7pBbS/LbWgRJ9ZuBz0Yl+FSGw8ffSTfKaunamNJsire3H9Vnm8G7o0+4sCo
DozDQFMEILHuYzlbp30IG7LMF61tr5WHKjMsRxgZbs5vUTAtwhZPK21knvIyb7ww
6gJCLpKh7niaXRoyPCbKOObuWWcuW8FewH+AWTYffy1v1HdQGTHqDURkW+LzQmpw
36h29C/AQjtmVhl1ngo0irHQ9xZyHyw0CuNK+BAHIEq1rdR+N5RfK8HisV1sRH6O
fdPEp8QARY+RKojp0bYG4DcfL281KF/N1stubODzKtcd6G7LHTmFZ8QKGPY7Fv5m
37apad9rYBvvA0WahEhwnIKj7oQ/1vlbQDqCJz+jTxSGF9ZGP+OaoDPqTodjnJO7
8mNWoq6krtYWVQEBKpO6CR8ctsjxCuovCxnlP09N5WHED1qQS+g5YZRQVRCS2r9Q
syNxShRmAGdaqqDlqyzTeZcHfcdFa04io3PpGNK1Ge/eBnyEAHFS4g1q2uv4NYEG
Slkel9ll8N/nnJQnPUXBO83TnL1igRcAu4gmjRRtbQZproV1FcJL5xtq3G7G9nG3
QFrsf9yIoAyEc9SjMORLXNnK4/nFD2++9urbhjgFls1o0YP7omG6bWuFqLVDtAdf
IIHf5YySM9SgGMG2EU7UkY8TwDy4rXibsjHTaorn/eagzivJT8HPQGVLT8C6Jnmm
yMZNDzkZwo6vzLXhdRmuDawQ33jVocOiT0rPiddJBtvst0HbhWXE3iMqvJ56Qf/Q
/QBQ7rqcx1nhjXlxj2Sg++OnbtpeivAueDPnSEgRE62x+NjNBewhmglKPN3HStfg
6L4HClDLc4IahOUET/JLRIiM554nBtTUVuq2ISy/xZ55Su8in4ys/0WxN9tH1VpG
wQm7WZhFY5qi0BG4WjXY+6ye1aGA83x44ehkjRl+m94y16QT0Ms8Ffgda4fe6vTr
O3z5k2lJV/MTZd2IXHSVbtxcw+UqPfy8kGOBFAxO0bLlg0VFNcPgkTsTXOVDEV/1
Qa+uRkZd+GNjeybWSms99JkL+7nDembDEcB+AdNbLIw4y2i0rAbHgKZELrhcDWxv
4xWxr5RuMNi2Q5C27tMnqVTJy/snnB11iLMvvhla2Feg81AtOZNADgmRudNg8dgL
wHlKDgCBGuBlvDipZPaGWyBNRSJfdYGdR+CmTGIIcUrzM2w47o2d7hdsYWdx9R0a
tFN1FNeCQnmdYK+TJKZd8HrgutW6TRF9CkXSD2PvX3N/V0vsPKYkA26dtQ9eRNQu
YI9TsdleZhsw+5QwggHEBgkqhkiG9w0BBwOgggG1MIIBsQIBADGCATwwggE4AgEA
MCAwGzEZMBcGA1UEAxMQdW5Vc2VkSXNzdWVyTmFtZQIBADANBgkqhkiG9w0BAQEF
AASCAQCWON/68FhtWK69wqDiu1HFodXSAQgfOGVcY3m0F6ELgubcqSU30+XMOSGp
WCT96rWIjhghfik+ovzGmfykveK7R1F4J3em5h+gOyVIOeLlthIhjC24K0nuExOK
gb8sYjwUL7g4iUoaxPDcoHJ0VZ59o41ReALuGZaT01Y3Q5/Uc6qacV3tgw9BSYgi
Eu0Pa2s1VoPVWDwsh2QIoxL2j7/px3qOv8GaWHuiMne3ROSz+VKD8CzHh/amayqe
dCQEjToJS7LTCvg7r246RKKWyQVJfhnN5zOkJXV2UYhsTfU9vyFGOqfKSpDyn5hz
c7GWqP3Ezc5ZhRrR4EwCs7sGEOeCMGwGCSqGSIb3DQEHATAdBglghkgBZQMEAQIE
EAEBAQEBAQEBAQEBAQEBAQGAQJ2HqdIHu24icWx1rHckcdyfNc2oekyh5WSgsKu4
ZprB+qOG7Z5MR/P5AxrEOc43YHGi37Ex8jrHWxpe7iqRYtowHQYJYIZIAWUDBAEC
BBDUAB7MbimlD/4X2dVHW/ftMAsGCWCGSAFlAwQCAQQg9MuP3RFATrLBn4bWujPd
D6OrUvGZh3vsSvpYaANxC3AwMQIBAgYIKwYBBQUHBwExIjAgAgEDMAMCAQEwFgQD
MTQ4GA8yMDE3MDYyODA1NDU1MFowADAAoIID9zCCA/MwggLboAMCAQICAQEwDQYJ
KoZIhvcNAQENBQAwXDEfMB0GA1UECgwWRXhhbXBsZS1UZXN0LXJoZWwtZmlwczEY
MBYGA1UECwwPcGtpLVJvb3RDQS1DTUMzMR8wHQYDVQQDDBZDQSBTaWduaW5nIENl
cnRpZmljYXRlMB4XDTE3MDYwNzE2MTQxNVoXDTM3MDYwNzE2MTQxNVowXDEfMB0G
A1UECgwWRXhhbXBsZS1UZXN0LXJoZWwtZmlwczEYMBYGA1UECwwPcGtpLVJvb3RD
QS1DTUMzMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl9Poda55C4eQMMTVdLVutdoUB1jH14a
qxd3pF+IpEqsPjzufFetwri8jX9FoSAagltnpaWVbeTpat7xHl8kowhXjt0x9DED
QuHHxZ7QApA8dHIpswACzlDT9FYU5qmNAB834+djr31/l2ehEOg4C2lXEKRHRUfa
UdpSC0rpz56mu+80Sjl9V6IBp9J0rX6ogyBCJcergmg6kuGG6RJ0Uq080QIrCBEa
VWpgo+nuyxLCSLAp5HpLeqEgHW6jp4TT7UySQJvLluri//FBcmeQTPYQvAQcbsjQ
1MDSuYR8hHgbDHkg50zfMEb4oQLCq9hizPF5TVgFd/1BKPvnuwIzxwIDAQABo4G/
MIG8MB8GA1UdIwQYMBaAFLrShcsVxSboEFFL8E/BSBCkUN+CMA8GA1UdEwEB/wQF
MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBS60oXLFcUm6BBRS/BPwUgQ
pFDfgjBZBggrBgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly9jc3FhNC1n
dWVzdDA0LmlkbS5sYWIuZW5nLnJkdS5yZWRoYXQuY29tOjI1MDgwL2NhL29jc3Aw
DQYJKoZIhvcNAQENBQADggEBAGXfc4ofwjSDOmCXjLPSzthyVE/NHcbwgRbzisgM
BF7YN1S4jgYDutVg9PIF8cZJVBD7jicZGh+J9SyjCrwAIMIa49S/XdimvfGL9+V5
zmptyuFzN7TidZW1blviCEoi79N0bxceki/rmGSrZtyup0n+t2jvENFVM7WKVCQu
dgRlpUpI7iGkfmyb5n/yt7VpiOOSw+GiIzdJH+691rJdW71LmNKIXrEzjudA/QUZ
pxP7TfX1S0HMYcQfPyjazrkSUxyEw75lOPFSU6CGv1ntDDc8HeFVNetidSb5gZG6
JC5OQ9ygDCgtBaerTLSkIraXiYD5/C+hTkBufLCzIUiipX8xggH4MIIB9AIBAzBh
MFwxHzAdBgNVBAoMFkV4YW1wbGUtVGVzdC1yaGVsLWZpcHMxGDAWBgNVBAsMD3Br
aS1Sb290Q0EtQ01DMzEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZQIB
ATANBglghkgBZQMEAgMFAKBqMBcGCSqGSIb3DQEJAzEKBggrBgEFBQcMAzBPBgkq
hkiG9w0BCQQxQgRAuapZZuCLGJECcrk+qnjWsBcl03Ic+4ANyvqb6nGXSRjm8UZA
oPCEo3J4cyDGUX+xJtNW7f/TyxbQ80rv6MKGFjANBgkqhkiG9w0BAQEFAASCAQAN
S8zJNg78yoqdcVpUpDsvLehZ00iGyT0AXq+IbeVi+aEDWlW+QVBNGyJApHmYVHLm
Y6ZtUcHwAf1okAbcPTzICZacm1OurV+09ILh/5ci0Meu54mjXt1BIBW98UQIiqqq
8GqgJp3r9tDukUmNk+mg54bbejZZjcaG6V/fjUDbNdfhiD/MqldmQJQYlN3KuLOS
/E4odRnp9CN7o82m0O6m1uj1r54wlgeCx3bWmTCdEezk1beOl9pfKYlo+/SRp6S6
unHHsVoBjFgay4Jb+b0A8vLNcRhxWZx+k4NkwkSBsIWcQy1+ZVOe6JhcvfQucwPK
A5k1gfTrWAjWxO5sJyzb


The response in binary format is stored in user-signed/cmcResp2-round1

[root@pki1 certs_db]# CMCResponse -d . -i user-signed/cmcResp2-round1
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 7, 2017 12:14:15 PM EDT America/New_York
                Not  After: Sunday, June 7, 2037 12:14:15 PM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        BE:5F:4F:A1:D6:B9:E4:2E:1E:40:C3:13:55:D2:D5:BA:
                        D7:68:50:1D:63:1F:5E:1A:AB:17:77:A4:5F:88:A4:4A:
                        AC:3E:3C:EE:7C:57:AD:C2:B8:BC:8D:7F:45:A1:20:1A:
                        82:5B:67:A5:A5:95:6D:E4:E9:6A:DE:F1:1E:5F:24:A3:
                        08:57:8E:DD:31:F4:31:03:42:E1:C7:C5:9E:D0:02:90:
                        3C:74:72:29:B3:00:02:CE:50:D3:F4:56:14:E6:A9:8D:
                        00:1F:37:E3:E7:63:AF:7D:7F:97:67:A1:10:E8:38:0B:
                        69:57:10:A4:47:45:47:DA:51:DA:52:0B:4A:E9:CF:9E:
                        A6:BB:EF:34:4A:39:7D:57:A2:01:A7:D2:74:AD:7E:A8:
                        83:20:42:25:C7:AB:82:68:3A:92:E1:86:E9:12:74:52:
                        AD:3C:D1:02:2B:08:11:1A:55:6A:60:A3:E9:EE:CB:12:
                        C2:48:B0:29:E4:7A:4B:7A:A1:20:1D:6E:A3:A7:84:D3:
                        ED:4C:92:40:9B:CB:96:EA:E2:FF:F1:41:72:67:90:4C:
                        F6:10:BC:04:1C:6E:C8:D0:D4:C0:D2:B9:84:7C:84:78:
                        1B:0C:79:20:E7:4C:DF:30:46:F8:A1:02:C2:AB:D8:62:
                        CC:F1:79:4D:58:05:77:FD:41:28:FB:E7:BB:02:33:C7
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
                65:DF:73:8A:1F:C2:34:83:3A:60:97:8C:B3:D2:CE:D8:
                72:54:4F:CD:1D:C6:F0:81:16:F3:8A:C8:0C:04:5E:D8:
                37:54:B8:8E:06:03:BA:D5:60:F4:F2:05:F1:C6:49:54:
                10:FB:8E:27:19:1A:1F:89:F5:2C:A3:0A:BC:00:20:C2:
                1A:E3:D4:BF:5D:D8:A6:BD:F1:8B:F7:E5:79:CE:6A:6D:
                CA:E1:73:37:B4:E2:75:95:B5:6E:5B:E2:08:4A:22:EF:
                D3:74:6F:17:1E:92:2F:EB:98:64:AB:66:DC:AE:A7:49:
                FE:B7:68:EF:10:D1:55:33:B5:8A:54:24:2E:76:04:65:
                A5:4A:48:EE:21:A4:7E:6C:9B:E6:7F:F2:B7:B5:69:88:
                E3:92:C3:E1:A2:23:37:49:1F:EE:BD:D6:B2:5D:5B:BD:
                4B:98:D2:88:5E:B1:33:8E:E7:40:FD:05:19:A7:13:FB:
                4D:F5:F5:4B:41:CC:61:C4:1F:3F:28:DA:CE:B9:12:53:
                1C:84:C3:BE:65:38:F1:52:53:A0:86:BF:59:ED:0C:37:
                3C:1D:E1:55:35:EB:62:75:26:F9:81:91:BA:24:2E:4E:
                43:DC:A0:0C:28:2D:05:A7:AB:4C:B4:A4:22:B6:97:89:
                80:F9:FC:2F:A1:4E:40:6E:7C:B0:B3:21:48:A2:A5:7F
        FingerPrint
            MD2:
                14:1A:7B:AF:60:17:19:B0:FD:1B:1B:E2:5F:41:A3:6E
            MD5:
                2B:E4:D0:7B:91:FA:A0:E4:1D:29:AE:A7:92:33:C1:48
            SHA-1:
                47:AB:4E:9E:C9:FF:82:D2:CB:D5:32:F9:88:DF:78:66:
                2E:2F:A9:B9
            SHA-256:
                39:30:9C:47:C7:23:F0:6C:1C:3C:47:57:BC:27:91:B7:
                30:74:0B:B9:DC:92:31:8A:65:D7:7D:06:FE:17:61:C3
            SHA-512:
                03:03:91:47:B0:00:9D:E7:3B:54:B0:A1:62:BB:A6:0A:
                D4:30:A0:6F:CC:F5:F8:3F:ED:D4:B1:B0:0E:B3:9E:61:
                6E:77:6D:96:51:39:37:54:1E:79:80:51:61:4C:01:E2:
                50:D7:14:F5:9D:6C:AE:D0:1F:5C:11:27:86:3A:F5:99


Number of controls is 2
Control #0: CMC encrypted POP
   OID: {1 3 6 1 5 5 7 7 9}
after encryptedPOP encode
Control #1: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 1 
   OtherInfo type: PEND
PendInfo present...processing...
   Date: 28/Jun/2017:01:45:50 EDT
   Pending request id: 148
[root@pki1 certs_db]# CMCRequest user-signed/cmc-crmf-DecryptedPOP.cfg

cert/key prefix = 
path = /opt/rhqa_pki/certs_db/
CryptoManger initialized
token internal logged in...
got signerCert: user_geetika
got request privKeyId: -a2c7a2c613c6429defbb108dba85cdedb27522a
got private key
processEncryptedPopResponse:  begins.
processEncryptedPopResponse:  previous response read.
processEncryptedPopResponse: Number of controls is 2
processEncryptedPopResponse: Control #0: CMC encrypted POP
processEncryptedPopResponse:    OID: {1 3 6 1 5 5 7 7 9}
processEncryptedPopResponse: encryptedPOP decoded successfully
processEncryptedPopResponse: Control #1: CMCStatusInfo
processEncryptedPopResponse:    OID: {1 3 6 1 5 5 7 7 1}
processEncryptedPopResponse:    BodyList: 1 
processEncryptedPopResponse:    OtherInfo type: PEND
processEncryptedPopResponse: PendInfo present...processing...
processEncryptedPopResponse:    Date: 28/Jun/2017:01:45:50 EDT
processEncryptedPopResponse:    Pending request id: 148
processEncryptedPopResponse:  what we expected, as encryptedPOP.enable is true;
processEncryptedPopResponse: ends
constructDecryptedPopRequest: begins
constructDecryptedPopRequest:  previous response parsed.
constructDecryptedPopRequest: symKey unwrapped.
constructDecryptedPopRequest: challenge decrypted.
CryptoUtil: getNameFromHashAlgorithm: {2 16 840 1 101 3 4 2 1}
constructDecryptedPopRequest: Yay! witness verified
constructDecryptedPopRequest: calculating POP Proof Value
constructDecryptedPopRequest: constructing DecryptedPOP...
constructDecryptedPopRequest: DecryptedPOP constructed successfully
constructDecryptedPopRequest: adding decryptedPop control
constructDecryptedPopRequest: decryptedPop control added
constructDecryptedPopRequest:  completes.
selfSign is false...
signData: begins: 
getPrivateKey: got signing cert
signData:  got signer privKey
createSignedData: begins
getSigningAlgFromPrivate: begins.
getSigningAlgFromPrivate: found signingKeyType=RSA
getSigningAlgFromPrivate: using SignatureAlgorithm: RSASignatureWithSHA256Digest
createSignedData: digest created for pkidata
createSignedData: digest algorithm =RSA
createSignedData: building cert chain
signData: signed request generated.
getCMCBlob: begins
getCMCBlob: generating signed data

The CMC enrollment request in base-64 encoded format:

MIIR1AYJKoZIhvcNAQcCoIIRxTCCEcECAQMxDzANBglghkgBZQMEAgEFADCCCAEG
CCsGAQUFBwwCoIIH8wSCB+8wggfrMFgwVgIBAQYIKwYBBQUHBwoxRzBFAgIAlDAd
BglghkgBZQMEAQIEENQAHsxuKaUP/hfZ1Udb9+0EIM92cg5YM+duxJIEHaCudaTu
9Bzi4lUxXoxCgIemjvl9MIIHiaGCB4UwggeBAgEBMIIBZoABAqU7MDkxDTALBgNV
BAsTBHRlc3QxFzAVBgoJkiaJk/IsZAEBEwdUZXN0aW5nMQ8wDQYDVQQDEwZUZXN0
MTGmggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxD/UpAiueBUbX0Ge2
4NOedc4hAguEQx8Ab9Zn1vXfjVohDDzOoePa1Z6flkLdXag5/z4icOhlZC/FPDvd
vxAmvTozTxjMFjeZztghTeSCaQghXZC/VJujO1tco4JREUi12AryZr8mBVGEJvmw
RtfCVVf7VBKnO9cq48hyaueKlvgvJZbi58cXOdd5SQ94wTchh2CNysoZIhq6T3we
h7Eph2/zgEBtupKjdxoNvdF7A1WJ6A8BEV1nuVA3+HJMzqQUgvJA/pf3puRG87Wy
OSY4joDfe2Pk8S//PvfNVDHAWzXyV2SQZ8/ty6pCttpsT7ODJ3+TqH7sSzITomRo
+byVAgMBAAEwggYQMIIGDAYJKwYBBQUHBQEEoIIF/TCCBfmhHQYJYIZIAWUDBAEC
BBBhhfZBwP6BP7qWwzyT9ratgoIBAQCTHrapXcr7N3yqtNnWvkPCiR5yECUGBjSI
tdB2sBz1kfzbFyvSvnHBj8Xv9tVhfOJiRV284lmMKpBWEyqkf8bx+ReWfoaMLQ8v
XrFUaaXgag7BIQ1vilOSWnUH5pwMEltwiW6eYLu3AchoU1iXbSBjFn7yw1ObRWdV
0czbQhuLCnja81E05WIPW9uhWgj89HMwLI682nIqF8VAPnkEs8Ui+8/Ty3EcuEh0
yYYZwHchWN0MY1xhi4wQVDDCp3OaWwLKqsEUEyvOcbuPXtPIlciO3tBBOK3/eyl3
1YpaifnGwD4ROSNI5z+/V+h7pTpDMvp+73CGa/4vNxHBh5/Tq5xxA4IE0QBoGxiB
a/S3YGF01XI8kZmi6ZAFGs8dAgJ1fOemPAHwgC02TX3w5WEGtltLUHpGx5h9Or7L
74o+FS9yoTHKT3B1niSFBXO439Bk+/bef8PpKJ5k7GA+lGMFsgokszKgzHrEJqVn
tKpdXTjH7ZP4rFCytazU3s/Tjb9JCNuYZYStMZm7tg3qYl4q1DEvwFf+2MaVAImx
6erD86qupdS8+umIgxPH/Whm1obOa9pN4k4Hp6st7xUuuc2epLjRv1wMuyAgor8X
fg1kdH94Y+M+r5ZjTCVzbtSPr16ft/4dPorW4KZMvrjOgGLEl6lMZuCceaBSg9AL
GlKTPe+K4Z1siooyDY9HBp/x1ZovukFtL8ttaBEn1m4HPRiX4VIbDx99JN8pq6dq
Y0myKt7cf1WebwbujT7iwKgOjMNAUwQgse5jOVunfQgbsswXrW2vlYcqMyxHGBlu
zm9RMC3CFk8rbWSe8jJvvDDqAkIukqHueJpdGjI8Jso45u5ZZy5bwV7Af4BZNh9/
LW/Ud1AZMeoNRGRb4vNCanDfqHb0L8BCO2ZWGXWeCjSKsdD3FnIfLDQK40r4EAcg
SrWt1H43lF8rweKxXWxEfo5908SnxABFj5EqiOnRtgbgNx8vbzUoX83Wy25s4PMq
1x3obssdOYVnxAoY9jsW/mbftqlp32tgG+8DRZqESHCcgqPuhD/W+VtAOoInP6NP
FIYX1kY/45qgM+pOh2Ock7vyY1airqSu1hZVAQEqk7oJHxy2yPEK6i8LGeU/T03l
YcQPWpBL6DlhlFBVEJLav1CzI3FKFGYAZ1qqoOWrLNN5lwd9x0VrTiKjc+kY0rUZ
794GfIQAcVLiDWra6/g1gQZKWR6X2WXw3+eclCc9RcE7zdOcvWKBFwC7iCaNFG1t
BmmuhXUVwkvnG2rcbsb2cbdAWux/3IigDIRz1KMw5Etc2crj+cUPb7726tuGOAWW
zWjRg/uiYbpta4WotUO0B18ggd/ljJIz1KAYwbYRTtSRjxPAPLiteJuyMdNqiuf9
5qDOK8lPwc9AZUtPwLomeabIxk0PORnCjq/MteF1Ga4NrBDfeNWhw6JPSs+J10kG
2+y3QduFZcTeIyq8nnpB/9D9AFDuupzHWeGNeXGPZKD746du2l6K8C54M+dISBET
rbH42M0F7CGaCUo83cdK1+DovgcKUMtzghqE5QRP8ktEiIznnicG1NRW6rYhLL/F
nnlK7yKfjKz/RbE320fVWkbBCbtZmEVjmqLQEbhaNdj7rJ7VoYDzfHjh6GSNGX6b
3jLXpBPQyzwV+B1rh97q9Os7fPmTaUlX8xNl3YhcdJVu3FzD5So9/LyQY4EUDE7R
suWDRUU1w+CROxNc5UMRX/VBr65GRl34Y2N7JtZKaz30mQv7ucN6ZsMRwH4B01ss
jDjLaLSsBseApkQuuFwNbG/jFbGvlG4w2LZDkLbu0yepVMnL+yecHXWIsy++GVrY
V6DzUC05k0AOCZG502Dx2AvAeUoOAIEa4GW8OKlk9oZbIE1FIl91gZ1H4KZMYghx
SvMzbDjujZ3uF2xhZ3H1HRq0U3UU14JCeZ1gr5Mkpl3weuC61bpNEX0KRdIPY+9f
c39XS+w8piQDbp21D15E1C5gj1Ox2V5mGzD7lDAAMACgggfBMIIDxjCCAq6gAwIB
AgIIGAAYABgAGAkwDQYJKoZIhvcNAQENBQAwXDEfMB0GA1UECgwWRXhhbXBsZS1U
ZXN0LXJoZWwtZmlwczEYMBYGA1UECwwPcGtpLVJvb3RDQS1DTUMzMR8wHQYDVQQD
DBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTE3MDYyNzA5NTIxN1oXDTE3MTIy
NDEwNTIxN1owOTENMAsGA1UECxMEdGVzdDEXMBUGCgmSJomT8ixkAQETB1Rlc3Rp
bmcxDzANBgNVBAMTBlRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmSlBC/NQxZx+2gUaLf1Nh9dQDx3RY0A6bWCKUReghYvYgaSjnTL/4e46aq
zz+8p1oKsKARQZ8oJGB+n/wDbGlr5j9S+ApMqbwc08SwVlFUOzoV3zu6keE8Moic
P6i72hs5HJeoYPS7AZt+4Z3jY3DhgxEgM0IIsu7Ru2w33JJUK6UiDldW2CXaTq1X
/OnOL+FNFKeBV9lAWFVZnucKZXpIv4dbGwFasifFBpVYKBfWoIn7JR7PkKGI56K/
Ti0NKl/qtkGqae36k+m1QIM5x8P+673zETLkh6QLe0rmH5XRGhym7Z0MAABvcMII
ggg+JHk/Msz2Ezpfmm5uua3bpccCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBS60oXL
FcUm6BBRS/BPwUgQpFDfgjBZBggrBgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0
dHA6Ly9jc3FhNC1ndWVzdDA0LmlkbS5sYWIuZW5nLnJkdS5yZWRoYXQuY29tOjI1
MDgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDANBgkqhkiG9w0BAQ0FAAOCAQEApvsUpZLVTYaYGb/EqJPZwvaG
wGXrZcCS2AHy0zr6DuP/6m4pcvWWVqx53ztg8macGzhSz4eTxFP0g+ESJ3IYDAMf
wY0bNiNQMTdDw1icHmEqThj7rU5cL/xcWBz+Y1cD9z9F1vm2/36PHkKZFpWgGRYG
8LZp5Sm9cmOeqy7O/ouOp6zDyVDmNC4zX3cE0ERatn1hX33dfhv3IRSGwTHP9FPp
pr0QUpDk8WvQwTIOY1woN8Lx1/NTVpbO2+siYNNuBpgOug1linp9/YWLeRZ9qX0Q
hW97wRx3BeMA5iPUqdMVn1+xQuKZCaH76w4+H5OiAAZ6RiuyxCtSwxCRpA5qgTCC
A/MwggLboAMCAQICAQEwDQYJKoZIhvcNAQENBQAwXDEfMB0GA1UECgwWRXhhbXBs
ZS1UZXN0LXJoZWwtZmlwczEYMBYGA1UECwwPcGtpLVJvb3RDQS1DTUMzMR8wHQYD
VQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTE3MDYwNzE2MTQxNVoXDTM3
MDYwNzE2MTQxNVowXDEfMB0GA1UECgwWRXhhbXBsZS1UZXN0LXJoZWwtZmlwczEY
MBYGA1UECwwPcGtpLVJvb3RDQS1DTUMzMR8wHQYDVQQDDBZDQSBTaWduaW5nIENl
cnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl9Poda5
5C4eQMMTVdLVutdoUB1jH14aqxd3pF+IpEqsPjzufFetwri8jX9FoSAagltnpaWV
beTpat7xHl8kowhXjt0x9DEDQuHHxZ7QApA8dHIpswACzlDT9FYU5qmNAB834+dj
r31/l2ehEOg4C2lXEKRHRUfaUdpSC0rpz56mu+80Sjl9V6IBp9J0rX6ogyBCJcer
gmg6kuGG6RJ0Uq080QIrCBEaVWpgo+nuyxLCSLAp5HpLeqEgHW6jp4TT7UySQJvL
luri//FBcmeQTPYQvAQcbsjQ1MDSuYR8hHgbDHkg50zfMEb4oQLCq9hizPF5TVgF
d/1BKPvnuwIzxwIDAQABo4G/MIG8MB8GA1UdIwQYMBaAFLrShcsVxSboEFFL8E/B
SBCkUN+CMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQW
BBS60oXLFcUm6BBRS/BPwUgQpFDfgjBZBggrBgEFBQcBAQRNMEswSQYIKwYBBQUH
MAGGPWh0dHA6Ly9jc3FhNC1ndWVzdDA0LmlkbS5sYWIuZW5nLnJkdS5yZWRoYXQu
Y29tOjI1MDgwL2NhL29jc3AwDQYJKoZIhvcNAQENBQADggEBAGXfc4ofwjSDOmCX
jLPSzthyVE/NHcbwgRbzisgMBF7YN1S4jgYDutVg9PIF8cZJVBD7jicZGh+J9Syj
CrwAIMIa49S/XdimvfGL9+V5zmptyuFzN7TidZW1blviCEoi79N0bxceki/rmGSr
Ztyup0n+t2jvENFVM7WKVCQudgRlpUpI7iGkfmyb5n/yt7VpiOOSw+GiIzdJH+69
1rJdW71LmNKIXrEzjudA/QUZpxP7TfX1S0HMYcQfPyjazrkSUxyEw75lOPFSU6CG
v1ntDDc8HeFVNetidSb5gZG6JC5OQ9ygDCgtBaerTLSkIraXiYD5/C+hTkBufLCz
IUiipX8xggHfMIIB2wIBAzBoMFwxHzAdBgNVBAoMFkV4YW1wbGUtVGVzdC1yaGVs
LWZpcHMxGDAWBgNVBAsMD3BraS1Sb290Q0EtQ01DMzEfMB0GA1UEAwwWQ0EgU2ln
bmluZyBDZXJ0aWZpY2F0ZQIIGAAYABgAGAkwDQYJYIZIAWUDBAIBBQCgSjAXBgkq
hkiG9w0BCQMxCgYIKwYBBQUHDAIwLwYJKoZIhvcNAQkEMSIEICGKRBIJI9ts9Qxa
+ThSlRlGflWDgAHi6G/VWfZreAg6MA0GCSqGSIb3DQEBAQUABIIBABd9jrmfm4WD
Nankfyc2cuwFLBE4BypxFPweyYL/VBETvymlFoHvUWm0CUcd/U/HYkjuG0u3xuZe
he3990kR5z9RJtT4ltoNmQCoFc1nOIUzsTO1CSAoZBeqiSbE1BzGz3AU0v+oztNM
/4X9WcWevP7j9OWQ9xeJWeS78xRdqF4HekXYrTAavb611IvJ+0y+FEj4sbtC0610
lpCT9HtUPj1Tdr/POoKgmfR+AkspmTnBV2kXCFPHelEhjiGdb+cnBZgTpn3XNpTY
P+4Fz20iF2GiC3Bef0syF74QMsOXSUHRaHK/Mieya2MGw0+UCbdVaQ1hblF7hz5Q
nPTVMz3QR8M=



The CMC enrollment request in binary format is stored in cmc.decreyptedPOP.response.
[root@pki1 certs_db]# HttpClient user-signed/HttpClient-crmf-DecryptedPOP.cfg

Total number of bytes read = 4568
after SSLSocket created, thread token is NSS FIPS 140-2 User Private Key
client cert is not null
handshake happened
writing to socket
Total number of bytes read = 2587
MIIKFwYJKoZIhvcNAQcCoIIKCDCCCgQCAQMxDzANBglghkgBZQMEAgMFADAxBggr
BgEFBQcMA6AlBCMwITAbMBkCAQEGCCsGAQUFBwcBMQowCAIBADADAgEBMAAwAKCC
B70wggPCMIICqqADAgECAgQErdukMA0GCSqGSIb3DQEBDQUAMFwxHzAdBgNVBAoM
FkV4YW1wbGUtVGVzdC1yaGVsLWZpcHMxGDAWBgNVBAsMD3BraS1Sb290Q0EtQ01D
MzEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xNzA2MjgwNTQ1
NTBaFw0xNzEyMjUwNjQ1NTBaMDkxDTALBgNVBAsTBHRlc3QxFzAVBgoJkiaJk/Is
ZAEBEwdUZXN0aW5nMQ8wDQYDVQQDEwZUZXN0MTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxD/UpAiueBUbX0Ge24NOedc4hAguEQx8Ab9Zn1vXfjVoh
DDzOoePa1Z6flkLdXag5/z4icOhlZC/FPDvdvxAmvTozTxjMFjeZztghTeSCaQgh
XZC/VJujO1tco4JREUi12AryZr8mBVGEJvmwRtfCVVf7VBKnO9cq48hyaueKlvgv
JZbi58cXOdd5SQ94wTchh2CNysoZIhq6T3weh7Eph2/zgEBtupKjdxoNvdF7A1WJ
6A8BEV1nuVA3+HJMzqQUgvJA/pf3puRG87WyOSY4joDfe2Pk8S//PvfNVDHAWzXy
V2SQZ8/ty6pCttpsT7ODJ3+TqH7sSzITomRo+byVAgMBAAGjga4wgaswHwYDVR0j
BBgwFoAUutKFyxXFJugQUUvwT8FIEKRQ34IwWQYIKwYBBQUHAQEETTBLMEkGCCsG
AQUFBzABhj1odHRwOi8vY3NxYTQtZ3Vlc3QwNC5pZG0ubGFiLmVuZy5yZHUucmVk
aGF0LmNvbToyNTA4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAU
BggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQENBQADggEBAD4k/NP2r9kj
d/nqPzSWhw8mVpraY/hv3ODZAbvswh7ODRtOdhnLzHCbfdWIYelw264PGnzOqWiC
JiuZKOvxKvYJzcVHDcbJyFboKeBjRwDlxPkKJ5EWJiDYul9SFPrz6Bgu2ZEnQTs+
eMqUpMzBUztY2krjdt5Vepxo0dXKbfIHJYaPha/p+LU53g1enGyJmywWbLKdsvvW
hXuf24itrCZlzUs1oaE1q0dUJVmfYiQ+m2gTQLCdqTbv10mYdzb6BVDFbhjPsw5P
7lqcwvU8jAzUKoqd7QtcATaya5c4S+qJMOFs4QxZZwMqc47x1RPAzaiAFbiZXXZ4
m62+1MyBptUwggPzMIIC26ADAgECAgEBMA0GCSqGSIb3DQEBDQUAMFwxHzAdBgNV
BAoMFkV4YW1wbGUtVGVzdC1yaGVsLWZpcHMxGDAWBgNVBAsMD3BraS1Sb290Q0Et
Q01DMzEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xNzA2MDcx
NjE0MTVaFw0zNzA2MDcxNjE0MTVaMFwxHzAdBgNVBAoMFkV4YW1wbGUtVGVzdC1y
aGVsLWZpcHMxGDAWBgNVBAsMD3BraS1Sb290Q0EtQ01DMzEfMB0GA1UEAwwWQ0Eg
U2lnbmluZyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5fT6HWueQuHkDDE1XS1brXaFAdYx9eGqsXd6RfiKRKrD487nxXrcK4vI1/
RaEgGoJbZ6WllW3k6Wre8R5fJKMIV47dMfQxA0Lhx8We0AKQPHRyKbMAAs5Q0/RW
FOapjQAfN+PnY699f5dnoRDoOAtpVxCkR0VH2lHaUgtK6c+eprvvNEo5fVeiAafS
dK1+qIMgQiXHq4JoOpLhhukSdFKtPNECKwgRGlVqYKPp7ssSwkiwKeR6S3qhIB1u
o6eE0+1MkkCby5bq4v/xQXJnkEz2ELwEHG7I0NTA0rmEfIR4Gwx5IOdM3zBG+KEC
wqvYYszxeU1YBXf9QSj757sCM8cCAwEAAaOBvzCBvDAfBgNVHSMEGDAWgBS60oXL
FcUm6BBRS/BPwUgQpFDfgjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
xjAdBgNVHQ4EFgQUutKFyxXFJugQUUvwT8FIEKRQ34IwWQYIKwYBBQUHAQEETTBL
MEkGCCsGAQUFBzABhj1odHRwOi8vY3NxYTQtZ3Vlc3QwNC5pZG0ubGFiLmVuZy5y
ZHUucmVkaGF0LmNvbToyNTA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBDQUAA4IBAQBl
33OKH8I0gzpgl4yz0s7YclRPzR3G8IEW84rIDARe2DdUuI4GA7rVYPTyBfHGSVQQ
+44nGRofifUsowq8ACDCGuPUv13Ypr3xi/flec5qbcrhcze04nWVtW5b4ghKIu/T
dG8XHpIv65hkq2bcrqdJ/rdo7xDRVTO1ilQkLnYEZaVKSO4hpH5sm+Z/8re1aYjj
ksPhoiM3SR/uvdayXVu9S5jSiF6xM47nQP0FGacT+0319UtBzGHEHz8o2s65ElMc
hMO+ZTjxUlOghr9Z7Qw3PB3hVTXrYnUm+YGRuiQuTkPcoAwoLQWnq0y0pCK2l4mA
+fwvoU5AbnywsyFIoqV/MYIB+DCCAfQCAQMwYTBcMR8wHQYDVQQKDBZFeGFtcGxl
LVRlc3QtcmhlbC1maXBzMRgwFgYDVQQLDA9wa2ktUm9vdENBLUNNQzMxHzAdBgNV
BAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUCAQEwDQYJYIZIAWUDBAIDBQCgajAX
BgkqhkiG9w0BCQMxCgYIKwYBBQUHDAMwTwYJKoZIhvcNAQkEMUIEQET6wdXLIi8f
9QLSS1n3oGj9kYNOIy1R9Ou1HDGs8woPHLqQF678cCTsFekM82L8gIxjbnf7y/BV
utePOIuVNrEwDQYJKoZIhvcNAQEBBQAEggEAYnZzS1ePn4LfnqcPbzoLFcaSd3yh
1wC5sCxbtwEKLLNpiDgRr2kY5YaVhKwbZVLdgEkN4BwxCvMOibiUugL6pk/lguZn
LPCvjer8arvqpN3jIw7XRLjy2z79wcu12ixTPnD6+rXcfQpvseFTW3x96UW+U3x0
Dop+1hHfyKmNZ3TJeOf1ioVFiKP8WbAyFkmSJXTjhwhdE9SW4xgn2L0uR/2OuNLE
AOnBeR2eInrLed+Bbn55v2EjaJy8MdR2yzNykPt10fv63jm94kB7X/wY+/CzgAaQ
S/lU/iE2gYTPirjlEuWhBMgzADKHLp707G22oGq6jazhPQQEtfSOTZ1akA==


The response in binary format is stored in user-signed/cmcResp2-round2

[root@pki1 certs_db]# CMCResponse -d . -i  user-signed/cmcResp2-round2
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x4ADDBA4
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 28, 2017 1:45:50 AM EDT America/New_York
                Not  After: Monday, December 25, 2017 1:45:50 AM EST America/New_York
            Subject: CN=Test11,UID=Testing,OU=test
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        B1:0F:F5:29:02:2B:9E:05:46:D7:D0:67:B6:E0:D3:9E:
                        75:CE:21:02:0B:84:43:1F:00:6F:D6:67:D6:F5:DF:8D:
                        5A:21:0C:3C:CE:A1:E3:DA:D5:9E:9F:96:42:DD:5D:A8:
                        39:FF:3E:22:70:E8:65:64:2F:C5:3C:3B:DD:BF:10:26:
                        BD:3A:33:4F:18:CC:16:37:99:CE:D8:21:4D:E4:82:69:
                        08:21:5D:90:BF:54:9B:A3:3B:5B:5C:A3:82:51:11:48:
                        B5:D8:0A:F2:66:BF:26:05:51:84:26:F9:B0:46:D7:C2:
                        55:57:FB:54:12:A7:3B:D7:2A:E3:C8:72:6A:E7:8A:96:
                        F8:2F:25:96:E2:E7:C7:17:39:D7:79:49:0F:78:C1:37:
                        21:87:60:8D:CA:CA:19:22:1A:BA:4F:7C:1E:87:B1:29:
                        87:6F:F3:80:40:6D:BA:92:A3:77:1A:0D:BD:D1:7B:03:
                        55:89:E8:0F:01:11:5D:67:B9:50:37:F8:72:4C:CE:A4:
                        14:82:F2:40:FE:97:F7:A6:E4:46:F3:B5:B2:39:26:38:
                        8E:80:DF:7B:63:E4:F1:2F:FF:3E:F7:CD:54:31:C0:5B:
                        35:F2:57:64:90:67:CF:ED:CB:AA:42:B6:DA:6C:4F:B3:
                        83:27:7F:93:A8:7E:EC:4B:32:13:A2:64:68:F9:BC:95
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key Encipherment 
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no 
                    Extended Key Usage: 
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
                3E:24:FC:D3:F6:AF:D9:23:77:F9:EA:3F:34:96:87:0F:
                26:56:9A:DA:63:F8:6F:DC:E0:D9:01:BB:EC:C2:1E:CE:
                0D:1B:4E:76:19:CB:CC:70:9B:7D:D5:88:61:E9:70:DB:
                AE:0F:1A:7C:CE:A9:68:82:26:2B:99:28:EB:F1:2A:F6:
                09:CD:C5:47:0D:C6:C9:C8:56:E8:29:E0:63:47:00:E5:
                C4:F9:0A:27:91:16:26:20:D8:BA:5F:52:14:FA:F3:E8:
                18:2E:D9:91:27:41:3B:3E:78:CA:94:A4:CC:C1:53:3B:
                58:DA:4A:E3:76:DE:55:7A:9C:68:D1:D5:CA:6D:F2:07:
                25:86:8F:85:AF:E9:F8:B5:39:DE:0D:5E:9C:6C:89:9B:
                2C:16:6C:B2:9D:B2:FB:D6:85:7B:9F:DB:88:AD:AC:26:
                65:CD:4B:35:A1:A1:35:AB:47:54:25:59:9F:62:24:3E:
                9B:68:13:40:B0:9D:A9:36:EF:D7:49:98:77:36:FA:05:
                50:C5:6E:18:CF:B3:0E:4F:EE:5A:9C:C2:F5:3C:8C:0C:
                D4:2A:8A:9D:ED:0B:5C:01:36:B2:6B:97:38:4B:EA:89:
                30:E1:6C:E1:0C:59:67:03:2A:73:8E:F1:D5:13:C0:CD:
                A8:80:15:B8:99:5D:76:78:9B:AD:BE:D4:CC:81:A6:D5
        FingerPrint
            MD2:
                79:74:39:C5:49:FE:10:32:F4:65:8D:47:F2:35:CC:3E
            MD5:
                BE:70:C7:C9:CE:C5:63:60:CE:E4:62:70:AE:01:D4:D9
            SHA-1:
                5E:C7:B9:94:6B:65:F9:96:48:0B:5F:DE:16:DA:04:11:
                52:85:0D:2E
            SHA-256:
                41:90:7E:E1:C5:55:56:64:3D:9A:F2:5B:63:97:B5:5F:
                69:7E:A9:FE:96:5D:55:E5:83:E6:51:D7:1F:FF:88:5B
            SHA-512:
                8C:B6:CC:BF:95:3E:73:54:C5:98:8F:DC:F3:81:EB:AD:
                AD:D8:5C:38:D6:D5:D5:68:EB:66:B2:E6:6D:8B:AF:5E:
                86:B1:0F:FF:49:3F:B5:C5:0B:7E:10:D3:F0:B0:17:67:
                0A:3B:75:7B:52:8F:04:84:62:49:7F:09:7A:8A:7E:95
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Validity: 
                Not Before: Wednesday, June 7, 2017 12:14:15 PM EDT America/New_York
                Not  After: Sunday, June 7, 2037 12:14:15 PM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        BE:5F:4F:A1:D6:B9:E4:2E:1E:40:C3:13:55:D2:D5:BA:
                        D7:68:50:1D:63:1F:5E:1A:AB:17:77:A4:5F:88:A4:4A:
                        AC:3E:3C:EE:7C:57:AD:C2:B8:BC:8D:7F:45:A1:20:1A:
                        82:5B:67:A5:A5:95:6D:E4:E9:6A:DE:F1:1E:5F:24:A3:
                        08:57:8E:DD:31:F4:31:03:42:E1:C7:C5:9E:D0:02:90:
                        3C:74:72:29:B3:00:02:CE:50:D3:F4:56:14:E6:A9:8D:
                        00:1F:37:E3:E7:63:AF:7D:7F:97:67:A1:10:E8:38:0B:
                        69:57:10:A4:47:45:47:DA:51:DA:52:0B:4A:E9:CF:9E:
                        A6:BB:EF:34:4A:39:7D:57:A2:01:A7:D2:74:AD:7E:A8:
                        83:20:42:25:C7:AB:82:68:3A:92:E1:86:E9:12:74:52:
                        AD:3C:D1:02:2B:08:11:1A:55:6A:60:A3:E9:EE:CB:12:
                        C2:48:B0:29:E4:7A:4B:7A:A1:20:1D:6E:A3:A7:84:D3:
                        ED:4C:92:40:9B:CB:96:EA:E2:FF:F1:41:72:67:90:4C:
                        F6:10:BC:04:1C:6E:C8:D0:D4:C0:D2:B9:84:7C:84:78:
                        1B:0C:79:20:E7:4C:DF:30:46:F8:A1:02:C2:AB:D8:62:
                        CC:F1:79:4D:58:05:77:FD:41:28:FB:E7:BB:02:33:C7
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        BA:D2:85:CB:15:C5:26:E8:10:51:4B:F0:4F:C1:48:10:
                        A4:50:DF:82
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4B:30:49:06:08:2B:06:01:05:05:07:30:01:86:3D:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:34:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        32:35:30:38:30:2F:63:61:2F:6F:63:73:70
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
                65:DF:73:8A:1F:C2:34:83:3A:60:97:8C:B3:D2:CE:D8:
                72:54:4F:CD:1D:C6:F0:81:16:F3:8A:C8:0C:04:5E:D8:
                37:54:B8:8E:06:03:BA:D5:60:F4:F2:05:F1:C6:49:54:
                10:FB:8E:27:19:1A:1F:89:F5:2C:A3:0A:BC:00:20:C2:
                1A:E3:D4:BF:5D:D8:A6:BD:F1:8B:F7:E5:79:CE:6A:6D:
                CA:E1:73:37:B4:E2:75:95:B5:6E:5B:E2:08:4A:22:EF:
                D3:74:6F:17:1E:92:2F:EB:98:64:AB:66:DC:AE:A7:49:
                FE:B7:68:EF:10:D1:55:33:B5:8A:54:24:2E:76:04:65:
                A5:4A:48:EE:21:A4:7E:6C:9B:E6:7F:F2:B7:B5:69:88:
                E3:92:C3:E1:A2:23:37:49:1F:EE:BD:D6:B2:5D:5B:BD:
                4B:98:D2:88:5E:B1:33:8E:E7:40:FD:05:19:A7:13:FB:
                4D:F5:F5:4B:41:CC:61:C4:1F:3F:28:DA:CE:B9:12:53:
                1C:84:C3:BE:65:38:F1:52:53:A0:86:BF:59:ED:0C:37:
                3C:1D:E1:55:35:EB:62:75:26:F9:81:91:BA:24:2E:4E:
                43:DC:A0:0C:28:2D:05:A7:AB:4C:B4:A4:22:B6:97:89:
                80:F9:FC:2F:A1:4E:40:6E:7C:B0:B3:21:48:A2:A5:7F
        FingerPrint
            MD2:
                14:1A:7B:AF:60:17:19:B0:FD:1B:1B:E2:5F:41:A3:6E
            MD5:
                2B:E4:D0:7B:91:FA:A0:E4:1D:29:AE:A7:92:33:C1:48
            SHA-1:
                47:AB:4E:9E:C9:FF:82:D2:CB:D5:32:F9:88:DF:78:66:
                2E:2F:A9:B9
            SHA-256:
                39:30:9C:47:C7:23:F0:6C:1C:3C:47:57:BC:27:91:B7:
                30:74:0B:B9:DC:92:31:8A:65:D7:7D:06:FE:17:61:C3
            SHA-512:
                03:03:91:47:B0:00:9D:E7:3B:54:B0:A1:62:BB:A6:0A:
                D4:30:A0:6F:CC:F5:F8:3F:ED:D4:B1:B0:0E:B3:9E:61:
                6E:77:6D:96:51:39:37:54:1E:79:80:51:61:4C:01:E2:
                50:D7:14:F5:9D:6C:AE:D0:1F:5C:11:27:86:3A:F5:99


Number of controls is 1
Control #0: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 1 
   Status: SUCCESS


2. verify on CA EE page.

	
	
Request: 	148
Submitted on: 	6/28/2017 11:15:50
Status: 	complete
Issued certificate: 	0x04addba4

Comment 9 Ade Lee 2017-07-26 16:04:35 UTC
Doc text looks good.

Comment 10 errata-xmlrpc 2017-08-01 22:52:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2110


Note You need to log in before you can comment on or make changes to this bug.