Description of problem: IPA admin cert is created with SHA1 signing algorithm, should be SHA256.
Version-Release number of selected component (if applicable): pki-ca-10.0.5-1.el7.noarch
How reproducible:
Steps to Reproduce: 1. CS.cfg after the CA install has this: ca.signing.defaultSigningAlgorithm=SHA256withRSA
Key: algorithm = RSA, unparsed keybits = 30 82 01 0A 02 82 01 01 00 EC FF FE 3A D3 01 E9 66 68 81 1A 7E D6 7B E1 24 83 50 37 ED 87 AF EA C2 2C 49 B4 69 83 ED 90 AE 83 0D 02 B3 F7 9A 1C 9D 59 61 36 BA D0 AF 19 60 1D F2 22 57 87 1E 4F FC B3 CF 43 B9 C0 09 B8 4E AD 36 9A AB 18 46 8F 72 4B 7D 15 5F 55 22 B5 C5 EF 07 32 6F C2 4F 0B 1F EC DD 44 9A 5A 59 59 2C 27 D4 8A 26 FC 45 A4 14 1F F9 89 33 2C D4 ED BB D1 AF 86 E1 CD F3 73 1A 58 E3 FF 30 DF B8 D2 98 58 20 C7 D0 56 97 93 51 15 23 6C BE A4 AA 48 4F A6 33 85 F4 4E 7B 19 E1 92 B1 F8 59 63 BA BC F5 91 D2 0F 71 14 3C F2 AA 0B 2E 25 18 A0 E5 42 84 B2 8C 4B 6C EF D8 13 02 A0 84 98 07 38 CA 21 B5 B3 65 58 0A D6 CE AC 2E 0D F5 6B 6D 15 14 51 61 17 AD 57 50 2D CA 0E 6F 73 5A E3 4D 0E E2 AA EB 25 4C 18 70 E3 08 45 C7 79 1B 6F 4D 64 1F E5 CB C6 1B 4C 8C 1D 2F BB 06 E9 DA 0D 15 89 84 30 07 02 03 01 00 01
Validity: [From: Mon Oct 28 18:10:44 EDT 2013, To: Mon Oct 28 18:10:44 EDT 2013] Issuer: CN=Certificate Authority,O=TESTRELM.COM SerialNumber: [ 06]
]
Actual results: Admin/agent cert created with SHA1 algorithm
Expected results: Admin/agent cert should be created with SHA256 signing algorithm.
Additional info:
10.0: 3cdb23de2802cf12a1d5981e8b94b1d1bc0f8e8a master: 2e54c85990e7969f7e36c324052b67f62debe4c2
Please correct the typo in 'vase/ca/shared/conf/CS.cfg.in' from:
ca.profiles.defaultSigningAlgsAllowed==SHA256withRSA,SHA1withRSA,SHA512withRSA,M D5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512with EC
to:
ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,M D5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512with EC
Basically, the double '==' should be replaced by a single '=', as this may be viewed as a part of the value string ('=SHA256withRSA' rather than 'SHA256withRSA').
Fixed in master, 10.0 and 10.1 branches.
To ssh://vakwetu@git.fedorahosted.org/git/pki.git ffcf024..cfd98df DOGTAG_10_1_BRANCH -> DOGTAG_10_1_BRANCH
Metadata Update from @vakwetu: - Issue assigned to vakwetu - Issue set to the milestone: 10.2 - 06/14 (June)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1348
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.