Bug 722634 - Add client usage flag to caIPAserviceCert
Summary: Add client usage flag to caIPAserviceCert
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pki-core
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 719113
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-16 00:20 UTC by Andrew Wnuk
Modified: 2015-01-04 23:49 UTC (History)
7 users (show)

Fixed In Version: pki-core-9.0.3-11.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 719113
Environment:
Last Closed: 2011-12-06 16:29:14 UTC
Target Upstream Version:

Attachments (Terms of Use)
proposed patch (992 bytes, patch)
2011-07-22 00:05 UTC, Andrew Wnuk 		mharmsen: review+
Details | Diff
spec file for pki-core-9.0.3-11.el6 (39.80 KB, patch)
2011-07-22 18:28 UTC, Matthew Harmsen 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1655 0 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2011-12-06 00:50:24 UTC

Description Andrew Wnuk 2011-07-16 00:20:19 UTC 
+++ This bug was initially created as a clone of Bug #719113 +++

Description of problem:

We want IPA server certificates to be usable as client certificates as well so a host can use it to authenticate itself. Please add the client cert flag to the IPA service cert profile.
Comment 2 Andrew Wnuk 2011-07-22 00:05:49 UTC 
Created attachment 514598 [details]
proposed patch
Comment 3 Andrew Wnuk 2011-07-22 00:41:21 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:
svn commit pki/base/ca/shared/profiles/ca/caIPAserviceCert.cfg
Sending        pki/base/ca/shared/profiles/ca/caIPAserviceCert.cfg
Transmitting file data .
Committed revision 2074.
Comment 4 Andrew Wnuk 2011-07-22 17:35:57 UTC 
svn commit
Adding         patches/pki-core-9.0.3-r2074.patch
Sending        specs/pki-core.spec
Transmitting file data ..
Committed revision 2075.
Comment 5 Andrew Wnuk 2011-07-22 17:39:38 UTC 
Published patch to http://pki.fedoraproject.org/pki/sources/pki-core/
Comment 7 Matthew Harmsen 2011-07-22 18:28:34 UTC 
Created attachment 514764 [details]
spec file for pki-core-9.0.3-11.el6

Sent the following request to release-engineering:

Subject: Request to build pki-core-9.0.3-11.el6 for RHEL 6 in Brew . . .

We would like to request an official build of 'pki-core-9.0.3-11.el6' 
for RHEL 6.2 in Brew per the following bug:

    * Bugzilla Bug #722634 - Add client usage flag to caIPAserviceCert

The official source tarball and all associated patches are located at:

    * http://pki.fedoraproject.org/pki/sources/pki-core/

and include the following:

    * pki-core-9.0.3.tar.gz
    * pki-core-9.0.3-r1846.patch
    * pki-core-9.0.3-r1860.patch
    * pki-core-9.0.3-r1862.patch
    * pki-core-9.0.3-r1864.patch
    * pki-core-9.0.3-r1875.patch
    * pki-core-9.0.3-r1879.patch
    * pki-core-9.0.3-r1886.patch
    * pki-core-9.0.3-r1908.patch
    * pki-core-9.0.3-r2074.patch

The updated official spec file is attached.
Comment 10 Jenny Severance 2011-09-28 18:43:53 UTC 
verified:

# cat /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg | grep "policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2


version:
ipa-server-2.1.1-4.el6.x86_64
Comment 11 errata-xmlrpc 2011-12-06 16:29:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1655.html
Note You need to log in before you can comment on or make changes to this bug.