Bug 440331 - wiki should show fingerprint of pki.fedoraproject.org key
wiki should show fingerprint of pki.fedoraproject.org key
Status: CLOSED NOTABUG
Product: Dogtag Certificate System
Classification: Community
Component: Wiki (Show other bugs)
1.0
All Linux
high Severity high
: 1.0
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2008-04-02 16:42 EDT by Bob Lord
Modified: 2015-01-04 18:31 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-15 09:28:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Bob Lord 2008-04-02 16:42:32 EDT
Description of problem:
When you check out the source code, svn warns you that you have not seen the
server's key before, and asks if you want to trust it.

We should show the fingerprint of that key on a non-editable page so that people
can be sure they are talking to the real pki.fedoraproject.org svn server.
Comment 1 Matthew Harmsen 2008-04-03 20:08:50 EDT
First, to verify the fingerprint of the certificate being used, login to
pki.fedoraproject.org, become the root user, and type the following:

    cd /opt/fortitude/alias
    certutil -L -d .

        Server-Cert                                                  CTu,Cu,Cu

    certutil -L -n Server-Cert -a -d . > cert.txt

Copy cert.txt to a machine that contains the NSS "pp: command, and type the
following:

    /usr/lib/nss/unsupported-tools/pp -t certificate -i cert.txt -a

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:89:28:f0:db
        Signature Algorithm: PKCS #1 MD5 With RSA Encryption
        Issuer: "CN=pki.fedoraproject.org"
        Validity:
            Not Before: Tue Mar 25 18:58:00 2008
            Not After : Wed Mar 25 18:58:00 2009
        Subject: "CN=pki.fedoraproject.org"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f0:26:eb:eb:16:33:e0:c3:bf:0b:e8:7d:15:83:cf:5d:
                    e3:66:2e:bc:96:bd:87:fd:b5:2d:a2:14:7b:60:83:fc:
                    e7:f3:d1:32:b4:bf:e6:80:28:9c:1a:66:6c:4a:92:18:
                    b2:1d:c4:8e:a3:be:0e:0f:98:18:06:44:f5:43:f0:90:
                    88:24:41:e0:2b:9d:2a:a8:c3:4f:ca:ed:d0:55:5e:c1:
                    57:f1:be:a0:c9:02:b3:d5:a4:fa:7f:7c:64:89:8c:10:
                    05:e5:41:b8:e5:60:5a:66:0d:3f:12:ba:0d:3d:f7:e9:
                    de:5f:53:09:a8:4a:f0:52:63:65:21:ce:fa:68:80:8f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Signature:
        0c:f3:cf:e8:98:0c:51:23:9d:7b:f0:98:27:7c:2f:89:
        c5:51:cb:a9:bb:da:f5:4c:03:3b:a3:05:b1:c4:ea:a7:
        c5:c4:2d:a0:1d:f8:95:e4:78:e5:24:23:6e:d1:90:58:
        cf:2f:be:c7:6b:35:ef:39:43:31:99:ca:f4:76:68:ee:
        1d:b4:f2:8e:45:82:56:3d:38:22:66:79:72:1f:44:99:
        5d:b8:93:54:9c:33:55:79:cb:28:e2:dc:72:84:fa:18:
        d9:18:d3:e9:50:51:6c:70:a4:a5:fe:b4:64:58:c2:96:
        14:1a:95:0c:ae:da:9f:91:1f:58:84:0a:f5:87:1b:59
    Fingerprint (MD5):
        41:92:DE:A6:8F:FE:27:BF:D2:22:CB:59:87:3C:80:C8
    Fingerprint (SHA1):
        CD:9C:91:2D:AD:0E:04:27:3A:BE:36:65:39:FB:DC:7F:41:47:26:C8

Note that the (SHA1) Fingerprint matches the fingerprint returned by the "pp"
command matches the fingerprint returned when attempting to check out the source
code for the first time.

Added text to the http://pki.fedoraproject.org/wiki/PKI_Subversion_Instructions
page, and "protected" it so that it could only be changed by sysops.

Comment 2 Chandrasekar Kannan 2008-08-26 20:28:11 EDT
Bug already MODIFIED. setting target CS8.0 and marking screened+

Note You need to log in before you can comment on or make changes to this bug.