Actions
Bug #11705
closed
Creating a certificate while creating a user does not fully configure the certificate properly
Start date:
03/19/2021
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
Description
When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is missing properties:
1. The certificate does not have the chosen Digest Algorithm -- it assumes SHA1
2. The certificate type is empty, it should be set to "user"
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7.
Updated by Jim Pingle over 3 years ago
- Category changed from Certificates to Captive Portal
- Assignee deleted (
Jim Pingle) - Target version deleted (
2.5.1) - Affected Version deleted (
2.5.0)
To test:
- Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.
- Check in the cert manager on the Certificates tab and inspect the certificate details
- Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)
- Note that under the certificate name, it does not state "User Certificate"
- Check in config.xml for the entry and see that the type is empty (
<type></type>)
Update to a build with the fix and repeat the test:
- The certificate should correctly have "SHA256" as its digest
- The certificate should show "User Certificate" under its name in the list
- The config.xml entry for the certificate should contain
<type>user</type>
Updated by Jim Pingle over 3 years ago
- Category changed from Captive Portal to Certificates
- Assignee set to Jim Pingle
- Target version set to 2.5.1
- Affected Version set to 2.5.0
Updated by Viktor Gurov over 3 years ago
- Status changed from Feedback to Resolved
Jim Pingle wrote:
To test:
- Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.
- Check in the cert manager on the Certificates tab and inspect the certificate details
User created on 2.5.0 with SHA256:
- Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)
Certificates tab:
Serial: 4 Signature Digest: RSA-SHA1 SAN: DNS:certuser1 KU: Digital Signature, Non Repudiation, Key Encipherment EKU: TLS Web Client Authentication Key Type: RSA Key Size: 2048 ...
- Note that under the certificate name, it does not state "User Certificate"
Yes
- Check in config.xml for the entry and see that the type is empty (
<type></type>)
empty <type></type> in config.xml:
<cert>
<refid>605ad6e7c2e5f</refid>
<descr><![CDATA[certuser]]></descr>
<type></type>
<caref>5dbee81f6b2f9</caref>
...
Update to a build with the fix and repeat the test:
User created on 2.5.1.r.20210323.0300 with SHA256:
- The certificate should correctly have "SHA256" as its digest
Serial: 1 Signature Digest: RSA-SHA256 SAN: DNS:certuser1 KU: Digital Signature, Non Repudiation, Key Encipherment EKU: TLS Web Client Authentication Key Type: RSA Key Size: 2048 DN: /CN=certuser1 Hash: 2e51eb15 ...
- The certificate should show "User Certificate" under its name in the list
Yes
- The config.xml entry for the certificate should contain
<type>user</type>
<cert>
<refid>605ad916b2914</refid>
<descr><![CDATA[certuser1]]></descr>
<type>user</type>
<caref>605ad8efac157</caref>
Actions