1810418 – [4.4] "You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert" on FIPS enabled cluster after upgrade

Bug 1810418 - [4.4] "You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert" on FIPS enabled cluster after upgrade

Summary: [4.4] "You are attempting to import a cert with the same issuer/serial as an ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	service-ca
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Maru Newby
QA Contact:	scheng
Docs Contact:
URL:
Whiteboard:
Depends On:	1810036
Blocks:	1810420
TreeView+	depends on / blocked

Reported:	2020-03-05 08:29 UTC by Maru Newby
Modified:	2020-05-13 22:00 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1810036
Clones:	1810420 (view as bug list)
Environment:
Last Closed:	2020-05-13 22:00:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift library-go pull 728	None	closed	[release-4.4] Bug 1810418: Set a random serial number for signing certificate templates	2020-10-12 12:22:48 UTC
Github	openshift service-ca-operator pull 111	None	closed	[release-4.4] Bug 1810418: Ensure service CA certs are created with unique serial numbers	2020-10-12 12:22:48 UTC
Red Hat Product Errata	RHBA-2020:0581	None	None	None	2020-05-13 22:00:47 UTC

Comment 1 Maru Newby 2020-03-13 16:08:13 UTC

I'm confused as to why this BZ wasn't moved to MODIFIED automatically. The implementing library go PR was posted 7 days ago and the service ca PR was posted 4 days ago (both posted after the master PR merged). The limiting factor is the parent BZ, which QA has yet to sign off on despite the urgent priority and severity.

Comment 2 Maru Newby 2020-03-13 16:08:53 UTC

Er, I meant 'moved to POST automatically'.

Comment 5 scheng 2020-03-17 15:21:41 UTC

To be clear,if the cluster has been upgraded from a version which doesnt contain the PR to a version which doesnt contain the PR too,then upgrade to a version contains this PR, it still hit that err.

I am confused that is the the expected result?

Comment 6 scheng 2020-03-17 15:41:37 UTC

If the cluster was upgraded to a version contains this PR directly,it didnt hit that err.

Comment 10 Maru Newby 2020-04-17 16:06:08 UTC

Given that 4.4 is not yet released, and released versions already have a fix, I'm assuming no docs are required.

Comment 12 errata-xmlrpc 2020-05-13 22:00:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.