Project

General

Profile

Actions
Copy link

Bug #16262

open

Validate that the capsule cert's CN doesn't match the server FQDN

Added by Ivan Necas over 7 years ago. Updated almost 6 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Katello Backlog
Difficulty:
medium
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Making a full validation of CN of certs might be too complex to provide
(we would need to the the interpretation of wildcards etc.) However,
we what we could do is checking, that:

1. in CN or alternative names, there is the FQDN of the capsule, if yes, pass
2. there is '*' in the CN or alternative names, if yes, pass (expecting the admins know, that they are doing when using those)

We can't do it in katello-certs-check, as the we don't know what the capsule fqdn is,
the correct place to put it in would be probably capsule-certs-generate

Related issues 1 (1 open0 closed)

Copied from Katello - Bug #16261: Validate that the CA cert's CN doesn't match the cert's fqdnNew08/24/2016Actions
Actions
Copy link
 #1

Updated by Ivan Necas over 7 years ago

  • Copied from Bug #16261: Validate that the CA cert's CN doesn't match the cert's fqdn added
Actions
Copy link
 #2

Updated by Justin Sherrill over 7 years ago

  • translation missing: en.field_release set to 114
  • Difficulty set to medium
Actions
Copy link

Also available in: Atom PDF