Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
PrettyPrintCert on rhel7.* - rhel9.* does not properly translate the AIA information into a readable format. OpenSSL and the pp tool both do this properly.
$ PrettyPrintCert test.cer
Certificate:
Data:
Version: v3
Serial Number: 0xE
Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
Issuer: CN=Certificate Authority, O=UsersysRedhat Domain
Validity:
Not Before: Friday, March 7, 2008 at 6:47:46 PM Eastern Standard Time America/New_York
Not After: Wednesday, September 3, 2008 at 7:47:46 PM Eastern Daylight Time America/New_York
Subject: CN=ipa-pki-demo.usersys.redhat.com, DC=redhat, DC=com
Subject Public Key Info:
Algorithm: RSA - 1.2.840.113549.1.1.1
Public Key:
Exponent: 65537
Public Key Modulus: (1024 bits) :
DA:4F:12:D5:83:3F:9A:A3:98:03:B0:C4:BF:F8:CB:47:
58:64:06:47:1C:49:C7:B1:47:FB:8F:98:1D:7B:A0:29:
49:0F:C9:2F:0B:84:49:62:C1:53:6E:AC:E1:42:8C:7D:
A5:93:BE:F3:78:80:1E:DC:1E:B4:7D:D1:E9:27:8A:D5:
3A:E1:1E:70:3D:88:CA:EA:8C:18:B7:74:B1:BE:02:66:
34:59:52:85:C0:8E:F6:7E:62:26:CB:70:0F:C8:3A:5E:
C6:E5:4E:00:CB:2A:56:BC:5C:69:C6:5C:E5:47:76:0A:
7C:AA:21:5D:C0:C7:15:52:90:38:C1:C5:F6:7C:DE:69
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:
BD:ED:61:2D
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
63:73:70
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key Encipherment
Data Encipherment
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
1.3.6.1.5.5.7.3.1
Signature:
Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
Signature:
2F:D4:4F:A8:E0:43:26:A8:F6:31:11:CC:7B:D4:64:59:
84:64:00:44:D2:56:BB:81:4F:51:3D:C6:6C:27:A9:32:
97:3F:0E:DB:B6:EA:6D:72:E5:12:AA:E5:9E:2F:04:AF:
43:52:80:B2:FD:04:D7:00:F2:88:60:42:4D:D2:31:1B:
DB:32:08:A2:39:F9:F6:98:9E:C7:49:34:B1:C1:91:1C:
B4:80:CE:64:CA:7D:18:02:27:DE:C9:C7:04:83:A1:19:
64:06:C4:FB:96:41:81:FE:59:B7:31:63:F3:DD:19:BA:
A1:E2:E5:F4:D6:D5:51:50:C5:8E:2E:5F:35:CA:25:B1:
9F:B1:CD:55:5C:54:AD:EB:4D:D6:E5:AF:A9:45:F8:54:
89:FD:05:8C:33:57:A4:DA:97:FD:17:EF:A9:59:E4:29:
DA:EC:70:1C:75:D1:2C:AE:D0:19:EF:85:86:16:86:43:
01:8A:AE:BD:61:C6:64:8D:90:03:2A:94:1F:8C:CD:5A:
E6:BF:4D:79:D1:BC:CC:2B:6A:E3:E9:61:6C:D6:31:DD:
8F:4C:F2:A5:21:8F:BD:DC:75:7F:76:AA:A0:CE:39:67:
34:1B:03:3D:3C:F7:CA:F6:F2:7D:E7:5F:21:4E:0B:C7:
65:A4:7A:22:39:EB:2B:40:89:BF:DD:C9:60:46:31:B8
FingerPrint
MD2:
22:4E:8B:CC:9F:DA:45:FC:3D:F0:ED:AC:81:44:13:40
MD5:
E8:BB:81:05:EB:26:8A:6C:75:E6:3C:D5:63:96:55:6E
SHA-1:
A6:79:AF:63:ED:94:AD:0C:F2:0A:FE:8A:82:FB:F1:C4:
8E:B5:2F:E8
SHA-256:
A8:93:5A:C8:FD:5F:0B:AF:A1:2C:92:A7:F5:F0:81:02:
A2:70:40:E4:21:88:73:3D:66:4D:36:AA:8D:84:BB:CE
SHA-512:
06:28:29:38:EC:92:A9:10:C7:10:79:35:4F:4F:02:8B:
9C:38:9D:30:B3:A0:15:2C:30:58:7D:13:7E:A4:9C:1E:
F9:C5:34:2B:66:95:6E:F4:63:74:DB:ED:BD:EC:3F:2E:
E0:85:B7:E6:81:C2:CC:8D:73:AD:1F:D7:FA:91:7A:B0
Version-Release number of selected component (if applicable):
pki-core all versions
How reproducible:
Very
Steps to Reproduce:
1. Install pki-tools
2. Run PrettyPrintCert against a certificate with AIA information
Actual results:
The Value field should be translated. Below is from PrettyPrintCert
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
63:73:70
Below is from openssl
X509v3 Authority Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
Authority Information Access:
OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp
Expected results:
X509v3 Authority Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
Authority Information Access:
OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp
Additional info:
Description of problem: PrettyPrintCert on rhel7.* - rhel9.* does not properly translate the AIA information into a readable format. OpenSSL and the pp tool both do this properly. $ PrettyPrintCert test.cer Certificate: Data: Version: v3 Serial Number: 0xE Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 Issuer: CN=Certificate Authority, O=UsersysRedhat Domain Validity: Not Before: Friday, March 7, 2008 at 6:47:46 PM Eastern Standard Time America/New_York Not After: Wednesday, September 3, 2008 at 7:47:46 PM Eastern Daylight Time America/New_York Subject: CN=ipa-pki-demo.usersys.redhat.com, DC=redhat, DC=com Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (1024 bits) : DA:4F:12:D5:83:3F:9A:A3:98:03:B0:C4:BF:F8:CB:47: 58:64:06:47:1C:49:C7:B1:47:FB:8F:98:1D:7B:A0:29: 49:0F:C9:2F:0B:84:49:62:C1:53:6E:AC:E1:42:8C:7D: A5:93:BE:F3:78:80:1E:DC:1E:B4:7D:D1:E9:27:8A:D5: 3A:E1:1E:70:3D:88:CA:EA:8C:18:B7:74:B1:BE:02:66: 34:59:52:85:C0:8E:F6:7E:62:26:CB:70:0F:C8:3A:5E: C6:E5:4E:00:CB:2A:56:BC:5C:69:C6:5C:E5:47:76:0A: 7C:AA:21:5D:C0:C7:15:52:90:38:C1:C5:F6:7C:DE:69 Extensions: Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: 1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96: BD:ED:61:2D Identifier: 1.3.6.1.5.5.7.1.1 Critical: no Value: 30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33: 68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64: 65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68: 61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F: 63:73:70 Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Key Encipherment Data Encipherment Identifier: Extended Key Usage: - 2.5.29.37 Critical: no Extended Key Usage: 1.3.6.1.5.5.7.3.1 Signature: Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 Signature: 2F:D4:4F:A8:E0:43:26:A8:F6:31:11:CC:7B:D4:64:59: 84:64:00:44:D2:56:BB:81:4F:51:3D:C6:6C:27:A9:32: 97:3F:0E:DB:B6:EA:6D:72:E5:12:AA:E5:9E:2F:04:AF: 43:52:80:B2:FD:04:D7:00:F2:88:60:42:4D:D2:31:1B: DB:32:08:A2:39:F9:F6:98:9E:C7:49:34:B1:C1:91:1C: B4:80:CE:64:CA:7D:18:02:27:DE:C9:C7:04:83:A1:19: 64:06:C4:FB:96:41:81:FE:59:B7:31:63:F3:DD:19:BA: A1:E2:E5:F4:D6:D5:51:50:C5:8E:2E:5F:35:CA:25:B1: 9F:B1:CD:55:5C:54:AD:EB:4D:D6:E5:AF:A9:45:F8:54: 89:FD:05:8C:33:57:A4:DA:97:FD:17:EF:A9:59:E4:29: DA:EC:70:1C:75:D1:2C:AE:D0:19:EF:85:86:16:86:43: 01:8A:AE:BD:61:C6:64:8D:90:03:2A:94:1F:8C:CD:5A: E6:BF:4D:79:D1:BC:CC:2B:6A:E3:E9:61:6C:D6:31:DD: 8F:4C:F2:A5:21:8F:BD:DC:75:7F:76:AA:A0:CE:39:67: 34:1B:03:3D:3C:F7:CA:F6:F2:7D:E7:5F:21:4E:0B:C7: 65:A4:7A:22:39:EB:2B:40:89:BF:DD:C9:60:46:31:B8 FingerPrint MD2: 22:4E:8B:CC:9F:DA:45:FC:3D:F0:ED:AC:81:44:13:40 MD5: E8:BB:81:05:EB:26:8A:6C:75:E6:3C:D5:63:96:55:6E SHA-1: A6:79:AF:63:ED:94:AD:0C:F2:0A:FE:8A:82:FB:F1:C4: 8E:B5:2F:E8 SHA-256: A8:93:5A:C8:FD:5F:0B:AF:A1:2C:92:A7:F5:F0:81:02: A2:70:40:E4:21:88:73:3D:66:4D:36:AA:8D:84:BB:CE SHA-512: 06:28:29:38:EC:92:A9:10:C7:10:79:35:4F:4F:02:8B: 9C:38:9D:30:B3:A0:15:2C:30:58:7D:13:7E:A4:9C:1E: F9:C5:34:2B:66:95:6E:F4:63:74:DB:ED:BD:EC:3F:2E: E0:85:B7:E6:81:C2:CC:8D:73:AD:1F:D7:FA:91:7A:B0 Version-Release number of selected component (if applicable): pki-core all versions How reproducible: Very Steps to Reproduce: 1. Install pki-tools 2. Run PrettyPrintCert against a certificate with AIA information Actual results: The Value field should be translated. Below is from PrettyPrintCert Identifier: 1.3.6.1.5.5.7.1.1 Critical: no Value: 30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33: 68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64: 65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68: 61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F: 63:73:70 Below is from openssl X509v3 Authority Key Identifier: 1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D Authority Information Access: OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp Expected results: X509v3 Authority Key Identifier: 1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D Authority Information Access: OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp Additional info: