Bug #18149
closedPuppet CA returns invalid certificates if using organizational units in the distinguished name
Description
When setting up MCollective for orchestration, and signing client certificates into a separate OU, like the following;
# puppet cert --list --all | grep foreman-proxy.mcollective + "foreman-proxy.mcollective" (SHA256) ... # cat /etc/puppetlabs/puppet/ssl/ca/inventory.txt | grep foreman-proxy.mcollective 0xffff 2017-01-17T13:08:26UTC 2022-01-17T13:08:26UTC /CN=foreman-proxy.mcollective/OU=mcollective
Then the returned JSON from the CA proxy fails to concatenate the data, resulting in output like the following;
"foreman-proxy.mcollective": { "fingerprint": "SHA256", "state": "valid" }, "foreman-proxy.mcollective/OU=mcollective": { "not_after": "2022-01-17T13:08:26UTC", "not_before": "2017-01-17T13:08:26UTC", "serial": 1449 },
When this invalid data finally makes it's way up to the Foreman web-UI, then the CA smart proxy page fails to render, which ends up as an inconvenience at best.
Attached is a workaround that has been tested on our Foreman instance, and successfully proven to work around the issue.
I'm unsure if the fix is the best - or even the correct - way to solve the issue however, so going to wait for a comment or two on it before throwing up a pull request for it.
Files
Updated by Dominic Cleal over 7 years ago
- Is duplicate of Bug #18040: Certificates with OU= give an error when listing smart-proxy cert list. added
Updated by Dominic Cleal over 7 years ago
- Status changed from New to Duplicate
Thanks for the report. This issue is currently being fixed under ticket #18040.
Updated by Dominic Cleal over 7 years ago
- Is duplicate of deleted (Bug #18040: Certificates with OU= give an error when listing smart-proxy cert list.)
Updated by Dominic Cleal over 7 years ago
- Status changed from Duplicate to New
Oh, apologies, I see now - there's a bug in the smart proxy response too. Please do open a PR for a review.
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/496 added
Updated by Alexander Olofsson over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 5bef03a08c8bd3534c3c65c70ee55c8cc81625c8.
Updated by Dominic Cleal over 7 years ago
- Assignee set to Alexander Olofsson
- Translation missing: en.field_release set to 210