#7579 ipa-cacert-manage cannot import PKCS#7 files
Closed: fixed 4 months ago by rcritten. Opened a year ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1572674

Description of problem:

Windows AD often provides files in PKCS#7 format (with p7b extensions).
Importing with ipa-cacert-manage fails:

# ipa-cacert-manage install /tmp/ca.p7b
Installing CA certificate, please wait
Not a valid certificate: Unable to load certificate
The ipa-cacert-manage command failed.

I heard from another reporter that this could also throw a padding error (which
I assumed meant the entire contents of the PKCS#7 file was passed to the base64
decoder).

Version-Release number of selected component (if applicable):

ipa-server-4.5.4-10.el7

Steps to Reproduce:
1. openssl crl2pkcs7 -nocrl -certfile /etc/ipa/ca.crt -out /tmp/ca.p7b
2. ipa-cacert-manage install /tmp/ca.p7b
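
An added example (not FreeIPA's code and not the fix referenced in this ticket): one way a tool can tell a PKCS#7 bundle from a single X.509 certificate before passing it to a certificate parser, by checking the outer DER structure instead of trusting the file extension or PEM label. The function names and the stub byte strings are assumptions constructed for illustration.

```python
import base64
import re

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData).
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed stubs (assumption): only the outer DER headers, not real certificates.
STUB_CERT = bytes.fromhex("3003300100")
STUB_P7 = bytes.fromhex("300b0609") + SIGNED_DATA_OID
STUB_P7_PEM = (b"-----BEGIN PKCS7-----\n" + base64.encodebytes(STUB_P7)
               + b"-----END PKCS7-----\n")


def _der_header(buf, pos):
    """Return (tag, content_start, content_length) for the TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, pos, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported DER length")
    return tag, pos + n, int.from_bytes(buf[pos:pos + n], "big")


def classify_der(der):
    """Distinguish an X.509 certificate from a PKCS#7 SignedData bundle."""
    tag, start, _ = _der_header(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    inner_tag, inner_start, inner_len = _der_header(der, start)
    if inner_tag == 0x30:                 # Certificate starts with tbsCertificate SEQUENCE
        return "x509"
    if inner_tag == 0x06 and der[inner_start:inner_start + inner_len] == SIGNED_DATA_OID:
        return "pkcs7"                    # ContentInfo starts with the contentType OID
    raise ValueError("unrecognised DER structure")


def classify(data):
    """Return [(encoding, kind), ...] for every object found in data."""
    blocks = PEM_RE.findall(data)
    if not blocks:
        return [("der", classify_der(data))]
    # Classify by decoded structure, so a mislabelled PEM block is still caught.
    return [("pem", classify_der(base64.b64decode(body))) for _label, body in blocks]
```

A caller would route `pkcs7` results to a PKCS#7 certificate extractor and `x509` results to the normal certificate loader, and reject anything that raises `ValueError`.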

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572674

a year ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.6.4)

a year ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

8 months ago

master:

  • 3e8f550 Add tests for ipa-cacert-manage install
  • 35d1d34 Add support for multiple certificates/formats to ipa-cacert-manage

Failed to apply patches onto origin/ipa-4-6. Manual backport is needed.

ipa-4-7:

  • 8b0f749 Add tests for ipa-cacert-manage install
  • 30995f8 Add support for multiple certificates/formats to ipa-cacert-manage

ipa-4-6:

  • 6bea9b1 Add support for multiple certificates/formats to ipa-cacert-manage
  • 5e51c31 Add tests for ipa-cacert-manage install

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 months ago
