Bug #31051
closed
katello-certs-check don't validate if there is a SAN that matches the Subject CN in custom certificates
Description
Description of problem:
katello-certs-check validates if a custom certificate contains at least a Subject Alt Name, but it never cross check if this SAN matches the Subject CN of the provided certificate.
This can be misleading in a few cases. Here's a few I already saw happen:
1. SAN not containing the Subject CN at all (only other aliases)
2. A typo in the SAN
Both cases will pass the katello-cert-check validation but will fail to deploy.
Version-Release number of selected component (if applicable):
How reproducible: Always
Steps to Reproduce:
1. Create a certificate with a typo in the SAN
2. Run katello-certs-check to verify it
3. Try deploying that cert on Satellite and it will fail
Actual results:
Validation with katello-certs-check passes without error or warning, but satellite-installer will fail to run with such certificate.
Expected results:
Validation should point out an issue with the certificate.
Updated by The Foreman Bot over 4 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-installer/pull/590 added
Updated by The Foreman Bot over 4 years ago
- Assignee set to William Clark
- Pull request https://github.com/theforeman/foreman-installer/pull/606 added
Updated by Joniel Pasqualetto over 4 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset installer|e53e71c3dabb3b7a68292fddab6ddf0e7fa4398a.
Updated by Ewoud Kohl van Wijngaarden over 4 years ago
- Category set to foreman-installer script
- Target version set to 2.3.0
- Triaged changed from No to Yes