In the python client, CertData.encoded contains a PEM version of the certificate ie, HEADER + base64(cert) with relevant linebreaks + FOOTER.
CertData.intermediates contains base64(cert_pkcs7) with linebreaks with no header and footer.
This is inconsistent. We should update intermediates to match the cert.encoded.
Note: barbican code currently has workaround for this issue, but can be changed when this is addressed.
Replying to [comment:1 vakwetu]:
Since Barbican already has a workaround for this issue, I am setting this to Milestone 10.2.5.
Per CS/DS Meeting of 06/08/2015: 10.2.6
-----BEGIN PKCS7----- -----END PKCS7-----
According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7 message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py. Let's do that, too.
A fix for pki.cert.CertData is trivial. However I'm not sure if that is the best place to add the wrapping header and footer. It may be a better idea to fix it once and for all at the root in org.dogtagpki.server.ca.rest.CertService.getCertChainData().
org.dogtagpki.server.ca.rest.CertService.getCertChainData()
Patch posted on pki-devel for review.
Per impromptu 10.2.6 meeting of 7/17/2025: 10.2.7
Per CS/DS Meeting of 08/03/2015: 10.3
Metadata Update from @vakwetu: - Issue assigned to cheimes - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1936
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.