Bug #16262: Validate that the capsule cert's CN doesn't match the server FQDN - Katello - Foreman

Bug #16262

Validate that the capsule cert's CN doesn't match the server FQDN

Added by Ivan Necas about 3 years ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Installer

Target version:

Katello Backlog

Difficulty:

medium

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Description

Making a full validation of CN of certs might be too complex to provide
(we would need to the the interpretation of wildcards etc.) However,
we what we could do is checking, that:

1. in CN or alternative names, there is the FQDN of the capsule, if yes, pass
2. there is '*' in the CN or alternative names, if yes, pass (expecting the admins know, that they are doing when using those)

We can't do it in katello-certs-check, as the we don't know what the capsule fqdn is,
the correct place to put it in would be probably capsule-certs-generate

Related issues

History

#1 Updated by Ivan Necas about 3 years ago

Copied from Bug #16261: Validate that the CA cert's CN doesn't match the cert's fqdn added

#2 Updated by Justin Sherrill about 3 years ago

Legacy Backlogs Release (now unused) set to 114
Difficulty set to medium

Also available in: Atom PDF

Project

General

Profile

Plugins » Katello

Issues

Custom queries

Bug #16262

Validate that the capsule cert's CN doesn't match the server FQDN

History

#1 Updated by Ivan Necas about 3 years ago

#2 Updated by Justin Sherrill about 3 years ago