Bug 241105 - yum does not accept SSL cert of Satellite (SubjectAltName mismatch)
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: yum-rhn-plugin
Version: 5.0
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: James Slagle
Reported: 2007-05-24 03:28 EDT by Christian Jung
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2007-06-08 06:11:02 EDT
Attachments:
YUM traceback (1.20 KB, application/x-bzip)
2007-05-24 03:28 EDT, Christian Jung

Description Christian Jung 2007-05-24 03:28:44 EDT
Description of problem:
I created an SSL certificate with an existing CA. I did not use rhn-ssl-tool
--gen-ca to create one.

After creating the SSL cert, I installed
rhn-org-httpd-ssl-key-pair-<SERVERNAME>-1.0-8.noarch.rpm on the Satellite and
restarted httpd.

The CA cert was exported on the existing CA and I created an RPM package with:
rhn-ssl-tool --gen-ca --rpm-only

The newly created RHN-ORG-TRUSTED-SSL-CERT was successfully deployed to all
existing clients. I also imported the new CA cert with rhn-ssl-dbstore.

The new certs work fine with existing RHEL4 clients!

RHEL5 clients print out a traceback with the following error message:
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match
host, expected <SERVERNAME>, got
 email:<VALID eMail ADDRESS>

Versions:
Satellite 4.2.1
yum=yum-3.0.1-5.el5

How reproducible:
always

Steps to Reproduce:
Create a KEY:
rhn-ssl-tool --gen-server --key-only
Create a CSR:
rhn-ssl-tool --gen-server --cert-req-only
Sign the CSR and copy CERT to Satellite
Create RPM Package:
rhn-ssl-tool --gen-server --rpm-only
Install RPM Package and restart httpd

Install rhn-org-trusted-ssl-cert-1.0-4.noarch.rpm on a RHEL5 client. Do an RHN task like:
yum list extras
or
yum install <package>
  
Actual results:
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match
host, expected <SERVERNAME>, got email:<EMAILADDRESS>

see traceback attached

Expected results:
no error

Additional info:
If necessary, I can provide all certs.
Comment 1 Christian Jung 2007-05-24 03:28:44 EDT
Created attachment 155317
YUM traceback
Comment 2 Christian Jung 2007-06-08 06:11:02 EDT
Issue solved.

TinyCA added wrong subjectAltName automatically.
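
Editor's added example (not part of the bug thread, and not M2Crypto or yum code): a simplified model of the host check implied by the error message above, showing why an email-only subjectAltName fails even when the CN is the server name. The rule it applies is an assumption drawn from that message: once a subjectAltName extension exists, only its DNS: entries are compared and the CN is ignored. Host names and addresses are constructed sample values.

```python
class WrongHost(Exception):
    """Raised when no name in the certificate matches the expected host."""

def parse_san(san_text):
    """Split OpenSSL-style SAN text ('DNS:a, email:b') into (type, value) pairs."""
    entries = []
    for part in san_text.split(","):
        part = part.strip()
        if part:
            kind, _, value = part.partition(":")
            entries.append((kind.strip(), value.strip()))
    return entries

def check_host(expected_host, common_name, san_text=None):
    """Return the certificate field that matched, or raise WrongHost.

    Assumed strict rule: if a subjectAltName extension is present at all,
    only its DNS: entries are compared and the subject CN is not consulted.
    """
    host = expected_host.lower().rstrip(".")
    if san_text is not None:
        dns = [v.lower().rstrip(".") for k, v in parse_san(san_text) if k == "DNS"]
        if host in dns:
            return "subjectAltName"
        raise WrongHost("Peer certificate subjectAltName does not match host, "
                        "expected %s, got %s" % (expected_host, san_text))
    if common_name.lower().rstrip(".") == host:
        return "commonName"
    raise WrongHost("Peer certificate commonName does not match host, "
                    "expected %s, got %s" % (expected_host, common_name))

# Constructed sample values; not the certificate from this report.
HOST = "satellite.example.com"
CASES = {
    "email-only SAN added by the CA tool": (HOST, "email:admin@example.com"),
    "no SAN extension, CN matches": (HOST, None),
    "SAN carries the server DNS name": (HOST, "DNS:satellite.example.com, email:admin@example.com"),
}

def run_cases():
    """Evaluate every sample certificate and record which field matched."""
    results = {}
    for label, (cn, san) in CASES.items():
        try:
            results[label] = check_host(HOST, cn, san)
        except WrongHost as exc:
            results[label] = "WrongHost: %s" % exc
    return results

if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print("%-38s %s" % (label, outcome))
```

To see which names a real server certificate carries, `openssl x509 -in <cert> -noout -text` prints the X509v3 Subject Alternative Name section.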
