Issue #6976: External CA: check that IPA CA certificate contains Subject Key Identifier - freeipa

freeipa

#6976 External CA: check that IPA CA certificate contains Subject Key Identifier

Closed: fixed 6 years ago Opened 6 years ago by ftweedal.

The Subject Key Identifier extension is required for CA certificates.
If it is missing, subsequent cert issuance fails, because the CA
Subject Key Identifier is used to the construct the Authority Key Identifier
extension on the issued cert.

During the second stage of external CA installation, add a check for the
Subject Key Identifier extension.

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

6 years ago

Metadata Update from @ftweedal:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455200

6 years ago

ftweedal commented 6 years ago

PR: https://github.com/freeipa/freeipa/pull/813

Metadata Update from @mbasti:
- Issue set to the milestone: FreeIPA 4.6

6 years ago

mbasti commented 6 years ago

master:

bc6d499 Add Subject Key Identifier to CA cert validity check

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata

Assignee

ftweedal

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

FreeIPA 4.6

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1455200

tester

None

changelog

None

design

None

freeipa

Source Code

#6976 External CA: check that IPA CA certificate contains Subject Key Identifier Closed: fixed 6 years ago Opened 6 years ago by ftweedal.

Metadata

#6976 External CA: check that IPA CA certificate contains Subject Key Identifier

Closed: fixed 6 years ago Opened 6 years ago by ftweedal.