Bug 434758 - SSL cert not signed by RH internal IT
Status: CLOSED CURRENTRELEASE
Product: Red Hat Collaboration Applications
Classification: Retired
Component: General
Version: 1.0
Hardware: All Linux
Priority: high
Severity: medium
Assigned To: Máirín Duffy
URL: https://internal-blogs.rdu.redhat.com/
Reported: 2008-02-25 05:47 EST by Patrick C. F. Ernzer
Modified: 2008-10-06 12:32 EDT
Doc Type: Bug Fix
Last Closed: 2008-08-28 10:15:08 EDT
Description Patrick C. F. Ernzer 2008-02-25 05:47:51 EST
Description of problem:
the SSL certificate used by https://internal-blogs.rdu.redhat.com/ is still a
self-signed one. Máirín, can you please post the helpdesk ticket number you got
when you opened a ticket in April 2007 and when you pinged IT at the end of
October 2007 so that all those that care can politely point out that this is
important.


Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. go to https://internal-blogs.rdu.redhat.com/
2. get warning from web browser that the SSL certificate is self-signed
3. refuse to enter kerberos password on a site that IT does not vouch as being a
RH machine.
  
Actual results:
inability to use the blogging tool.

Expected results:
ability to trust that each site where I am asked to enter my kerberos
credentials is vouched for by IT as being really a RH machine.

Additional info:
nothing personal about this bug, I nag about self-signed certs every time I see
them as I strongly believe we need to educate users to not blindly accept
self-signed certificates.
Comment 1 Máirín Duffy 2008-02-25 09:29:13 EST
Hi Patrick,

I actually just received a signed cert from helpdesk last week and hopefully
I'll get it up on internal blogs today.

~m
Comment 2 Máirín Duffy 2008-02-25 10:56:06 EST
Hi Patrick,

I just set up a cert signed by Red Hat IS CA on internal-blogs. Would you mind
testing it for me to make sure it works for you?

Thanks, ~m
Comment 3 Patrick C. F. Ernzer 2008-02-26 09:22:41 EST
Yes, thank you Máirín. Works like it should. I'd close the bug but am not sure
which release to set for CLOSED CURRENTRELEASE, so I'll leave that for you.

side note: obviously the browser will nag that some bits are pulled in via http
instead of https, but nothing you can do about that I guess (well except for
the bits you pull off redhat.com)

how to verify:
$ openssl s_client -CAfile /home/pcfe/Downloads/RHinternal-cacert.pem -connect internal-blogs.rdu.redhat.com:443
CONNECTED(00000003)
depth=1 /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=IS/CN=Red Hat IS CA/emailAddress=sysadmin-rdu@redhat.com
verify return:1
depth=0 /C=US/ST=North Carolina/O=Red Hat, Inc./OU=Internal Blogs Team/CN=internal-blogs.rdu.redhat.com/emailAddress=duffy@redhat.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Internal Blogs Team/CN=internal-blogs.rdu.redhat.com/emailAddress=duffy@redhat.com
   i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=IS/CN=Red Hat IS CA/emailAddress=sysadmin-rdu@redhat.com
---
Server certificate
subject=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Internal Blogs Team/CN=internal-blogs.rdu.redhat.com/emailAddress=duffy@redhat.com
issuer=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=IS/CN=Red Hat IS CA/emailAddress=sysadmin-rdu@redhat.com
---
No client certificate CA names sent
---
SSL handshake has read 1595 bytes and written 331 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: B69771370CC6EDFAFF0875EDBCE8DF7CAB21C84AEE2299FF668FD6BD397E8F05
    Session-ID-ctx: 
    Master-Key: 238222685D1CD6B9AAA819DE75ED5441DCD6F1200015563A27C99DB66A028A0A4F76A0D09FEF9E7DA2DEC518468C7032
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1204035110
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
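
The distinction this bug turns on, reproduced offline as an added example that is not part of the original bug report: a server certificate issued by a pinned internal CA verifies, while a self-signed certificate with the same subject does not. The CA, host name (blog.example.test) and the helpers make_demo_pki and chains_to_ca are constructed for illustration and stand in for the Red Hat IS CA and internal-blogs.

```sh
#!/bin/sh
# Added example. All keys and certificates are constructed throw-away test
# material; make_demo_pki, chains_to_ca and blog.example.test are hypothetical.

# Create in directory $1: a private CA (standing in for the internal IT CA),
# a server cert it signs, and a self-signed cert with the same subject.
make_demo_pki() {
    d=$1
    subj="/O=Example Corp/CN=blog.example.test"
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/req.cnf"
    openssl req -config "$d/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Corp/CN=Example Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -config "$d/req.cnf" -new -newkey rsa:2048 -nodes \
        -subj "$subj" -keyout "$d/leaf.key" -out "$d/leaf.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signed.pem" 2>/dev/null || return 1
    openssl req -config "$d/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "$subj" -keyout "$d/self.key" -out "$d/self.pem" \
        2>/dev/null || return 1
}

# Succeed only if certificate $2 verifies against the CA bundle $1.
chains_to_ca() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || return 1
    case $out in
        *": OK") return 0 ;;
        *) return 1 ;;
    esac
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir" || exit 1
for c in signed self; do
    if chains_to_ca "$demo_dir/ca.pem" "$demo_dir/$c.pem"; then
        echo "$c.pem: issued by the pinned CA"
    else
        echo "$c.pem: rejected, does not chain to the pinned CA"
    fi
done
```

Against a live server, `openssl s_client` completes the handshake even when verification fails, so read the `Verify return code` line or add `-verify_return_error` rather than treating a successful connection as proof.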
Comment 4 David Lawrence 2008-10-06 12:32:14 EDT
Moving to product "Red Hat Collaboration Applications".
