Bug 1588944 - Cert validation for installation with external CA cert [rhel-7.5.z]
Summary: Cert validation for installation with external CA cert [rhel-7.5.z]
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.6
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Endi Sukma Dewata
QA Contact: Asha Akkiangady
Marc Muehlfeld
URL:
Whiteboard:
Keywords: TestCaseProvided, ZStream
Depends On: 1588655
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-08 07:28 UTC by Oneata Mircea Teodor
Modified: 2018-06-26 16:48 UTC (History)
4 users (show)

(edit)
The *pkispawn* utility now validates the path to external CA certificates during installation

Previously, during the installation of Certificate System using an external certificate authority certificate, the *pkispawn* utility did not validate the path to the certificate. If the path was incorrect, the following error was logged in the CA's debug log:

   CertInfoProfile: Unable to populate certificate: Unable to get ca certificate: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=9, too big.

With this update, *pkispawn* validates the path to the certificate. As a result, *pkispawn* now reports a meaningful error message.
Clone Of: 1588655
(edit)
Last Closed: 2018-06-26 16:47:59 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1979 None None None 2018-06-26 16:48 UTC

Description Oneata Mircea Teodor 2018-06-08 07:28:24 UTC
This bug has been copied from bug #1588655 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 2 Matthew Harmsen 2018-06-08 15:49:29 UTC
Endi Sukma Dewata 2018-06-07 12:52:42 EDT

The fix is already available in 10.5 branch:
https://github.com/dogtagpki/pki/commit/313c701957bedfd59f7f6368d0c37d2928d1a4a1

Comment 5 Geetika Kapoor 2018-06-13 17:26:58 UTC
Test Env:
=======


rpm -qa pki-*
pki-symkey-10.5.1-13.1.el7_5.x86_64
pki-core-debuginfo-10.5.1-13.1.el7_5.x86_64
pki-base-10.5.1-13.1.el7_5.noarch
pki-console-10.5.1-5.el7pki.noarch
pki-server-10.5.1-13.1.el7_5.noarch
pki-tps-10.5.1-12.el7pki.x86_64
pki-kra-10.5.1-13.1.el7_5.noarch
pki-tools-10.5.1-13.1.el7_5.x86_64
pki-tks-10.5.1-12.el7pki.noarch
pki-javadoc-10.5.1-13.1.el7_5.noarch
pki-base-java-10.5.1-13.1.el7_5.noarch
pki-usgov-dod-cacerts-0.0.6-4.el7.noarch
pki-ca-10.5.1-13.1.el7_5.noarch
pki-ocsp-10.5.1-12.el7pki.noarch


Test Steps:
==========

1. perform 2 step external CA installation procedure and make sure it works .
2. With any failures in csr, certificate (ca_signing or external certificate) correct error message is logged.

Comment 7 errata-xmlrpc 2018-06-26 16:47:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1979


Note You need to log in before you can comment on or make changes to this bug.