Project

General

Profile

Actions

Bug #11705

closed

Creating a certificate while creating a user does not fully configure the certificate properly

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Certificates
Target version:
Start date:
03/19/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is missing properties:

1. The certificate does not have the chosen Digest Algorithm -- it assumes SHA1
2. The certificate type is empty, it should be set to "user"

Actions #1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle over 3 years ago

  • Category changed from Certificates to Captive Portal
  • Assignee deleted (Jim Pingle)
  • Target version deleted (2.5.1)
  • Affected Version deleted (2.5.0)

To test:

  • Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.
  • Check in the cert manager on the Certificates tab and inspect the certificate details
    • Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)
    • Note that under the certificate name, it does not state "User Certificate"
    • Check in config.xml for the entry and see that the type is empty (<type></type>)

Update to a build with the fix and repeat the test:

  • The certificate should correctly have "SHA256" as its digest
  • The certificate should show "User Certificate" under its name in the list
  • The config.xml entry for the certificate should contain <type>user</type>
Actions #3

Updated by Jim Pingle over 3 years ago

  • Category changed from Captive Portal to Certificates
  • Assignee set to Jim Pingle
  • Target version set to 2.5.1
  • Affected Version set to 2.5.0
Actions #4

Updated by Viktor Gurov over 3 years ago

  • Status changed from Feedback to Resolved

Jim Pingle wrote:

To test:

  • Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.
  • Check in the cert manager on the Certificates tab and inspect the certificate details

User created on 2.5.0 with SHA256:

  • Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)

Certificates tab:

Serial: 4
Signature Digest: RSA-SHA1
SAN: DNS:certuser1
KU: Digital Signature, Non Repudiation, Key Encipherment
EKU: TLS Web Client Authentication
Key Type: RSA
Key Size: 2048
...

  • Note that under the certificate name, it does not state "User Certificate"

Yes

  • Check in config.xml for the entry and see that the type is empty (<type></type>)

empty <type></type> in config.xml:

<cert>
                <refid>605ad6e7c2e5f</refid>
                <descr><![CDATA[certuser]]></descr>
                <type></type>
                <caref>5dbee81f6b2f9</caref>
...

Update to a build with the fix and repeat the test:

User created on 2.5.1.r.20210323.0300 with SHA256:

  • The certificate should correctly have "SHA256" as its digest
Serial: 1
Signature Digest: RSA-SHA256
SAN: DNS:certuser1
KU: Digital Signature, Non Repudiation, Key Encipherment
EKU: TLS Web Client Authentication
Key Type: RSA
Key Size: 2048
DN: /CN=certuser1
Hash: 2e51eb15
...
  • The certificate should show "User Certificate" under its name in the list

Yes

  • The config.xml entry for the certificate should contain <type>user</type>
<cert>
                <refid>605ad916b2914</refid>
                <descr><![CDATA[certuser1]]></descr>
                <type>user</type>
                <caref>605ad8efac157</caref>
Actions

Also available in: Atom PDF