Bug #8512
closed
don't put certificate metadata in PEM files
Added by Adam Price about 10 years ago.
Updated over 5 years ago.
Description
"The final conversion output shouldn’t contain anything apart from the encoded key and certificates. Although some tools are smart enough to ignore what isn’t needed, other tools are not. Leaving extra data in PEM files might result in problems that are difficult to troubleshoot." from OpenSSL Cookbook [1].
[1] https://www.feistyduck.com/books/openssl-cookbook/
Affected certs can be found by searching for words like "Signature" or "Validity"
[root@katello-centos6-2 katello]# grep -r -l 'Signature' /etc/pki/katello/
/etc/pki/katello/certs/katello-apache.crt
/etc/pki/katello/certs/java-client.crt
/etc/pki/katello/certs/katello-centos6-2.0.example.com-qpid-broker.crt
/etc/pki/katello/certs/katello-default-ca.crt
/etc/pki/katello/qpid_client_striped.crt
- Translation missing: en.field_release set to 23
- Triaged changed from No to Yes
- Translation missing: en.field_release deleted (
23)
- Translation missing: en.field_release set to 114
- Status changed from New to Closed
Thanks for reporting this issue. This issue was created over 4 years ago and hasn't seen an update in 1 year. We are closing this in an effort to keep a realistic backlog. Please open up a new issue that includes a link to this issue if you feel this still needs to be addressed. We can then triage the new issue and reassess.
- Target version deleted (
Katello Backlog)
- Status changed from Closed to Rejected
Also available in: Atom
PDF