Bug 618559 - Error while creating entitlement certs
Error while creating entitlement certs
Status: CLOSED CURRENTRELEASE
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA (Show other bugs)
1.2
All Linux
low Severity medium
: ---
: ---
Assigned To: Jay Dobies
wes hayutin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-27 05:23 EDT by Shveta
Modified: 2012-05-31 08:51 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-31 08:51:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Shveta 2010-07-27 05:23:37 EDT
Description of problem:Error while creating entitlement certs 


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.Selected option 4 in rhui-tools
2.
3.
  
Actual results:


Expected results:


Additional info:


[root@ip-10-202-26-32 os]# rhui-tools 
Select the component to be configured:
  1 - RHUA
  2 - CDS
  3 - Client
  4 - Entitlement Certificates
Selection:  4

                 -= Entitlement Certificate Configuration =- 

The following questions are used to generate entitlement certificates.

Unless otherwise specified, all fields are required.

Local directory in which the entitlment certificates generated by this tool
should be stored (if this directory does not exist, it will be created:
/tmp/ent

Full path to the content certificate to be used as the basis for the entitlement
certificate. The list of entitled channels will be derived from this certificate:
/root/ssl/build/client-all.crt

Full path to the CA certificate that will be used to sign the entitlement certificates:
/root/ssl/ca.crt

Full path to the CA certificate private key. The password for this key will be requested
as the certificate is signed:
/root/ssl/ca.key

Number of days the certificate should be valid:
30

..............+++
..........................+++
Enter the passphrase for the client's private key

Enter passphrase:
Verify passphrase:
Error during certificate creation, check the log file for more details

=====================================

[root@ip-10-202-26-32 log]# pwd
/var/log
[root@ip-10-202-26-32 log]# vi rhui.log

2010-07-27 05:14:42,938  Command [openssl x509 -req -days 30 -in /tmp/ent/entitlement-cert.csr -CA /root/ssl/ca.crt -CAkey /root/ssl/ca.key -set_serial 01 -extfile /tmp/ent/extensions.txt -extensions rhui -out /tmp/ent/entitlement-cert.crt]
2010-07-27 05:14:43,057  Certificate creation output
2010-07-27 05:14:43,058
2010-07-27 05:14:43,058  error on line 8 of config file '/tmp/ent/extensions.txt'



===================================================

[root@ip-10-202-26-32 log]# cat /tmp/ent/extensions.txt
[rhui]
basicConstraints=CA:FALSE
1.3.6.1.4.1.2312.9.2.2222.2.1=ASN1:UTF8:Red Hat ISO
1.3.6.1.4.1.2312.9.2.2222.2.2=ASN1:UTF8:rhel-iso
1.3.6.1.4.1.2312.9.2.2222.2.6=ASN1:UTF8:some-iso-file
1.3.6.1.4.1.2312.9.2.1111.1.2=ASN1:UTF8:rhel-5
1.3.6.1.4.1.2312.9.2.1111.1.1=ASN1:UTF8:Red Hat Enterprise Linux
1.3.6.1.4.1.2312.9.2.1111.1.6=ASN1:UTF8:content/dist/rhel/server/5Server/$basearch/os
Comment 1 Jay Dobies 2010-07-27 08:32:43 EDT
commit	0c1f07e40dbabb7c5b3ae375b74a865eecc54c84
tree	7f0f6b1a8186cc87358b8e2f45b96b7b9a4d8c77


618559 - Need to escape the $ in variables when writing out the temporary extensions file.


rhui/tools/src/rhui/certs.py
Comment 2 wes hayutin 2010-08-03 15:09:50 EDT
[root@ip-10-245-78-143 ~]# rhui-tools 
Select the component to be configured:
  1 - RHUA
  2 - CDS
  3 - Client
  4 - Entitlement Certificates
Selection:  4

                 -= Entitlement Certificate Configuration =- 

The following questions are used to generate entitlement certificates.

Unless otherwise specified, all fields are required.

Local directory in which the entitlment certificates generated by this tool
should be stored (if this directory does not exist, it will be created:
/tmp/ent

Full path to the content certificate to be used as the basis for the entitlement
certificate. The list of entitled channels will be derived from this certificate:
/root/ssl/build/client-all.crt

Full path to the CA certificate that will be used to sign the entitlement certificates:
/root/ssl/ca.crt

Full path to the CA certificate private key. The password for this key will be requested
as the certificate is signed:
/root/ssl/ca.key

Number of days the certificate should be valid:
100

..............................+++
.....................................................................................................+++
Entitlement certificate can be found at /tmp/ent/entitlement-cert.crt
Certificate private key can be found at /tmp/ent/entitlement-key.pem
Comment 3 wes hayutin 2011-08-01 17:38:26 EDT
moving to release pending
Comment 4 wes hayutin 2012-05-31 08:51:02 EDT
closing out, product released

Note You need to log in before you can comment on or make changes to this bug.