Bug #11705: Creating a certificate while creating a user does not fully configure the certificate properly - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #11705

closed

Creating a certificate while creating a user does not fully configure the certificate properly

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

Certificates

Target version:

2.5.1

Start date:

03/19/2021

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

2.5.0

Affected Architecture:

Description

When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is missing properties:

1. The certificate does not have the chosen Digest Algorithm -- it assumes SHA1
2. The certificate type is empty, it should be set to "user"

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset 0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Category changed from Certificates to Captive Portal
Assignee deleted (~~Jim Pingle~~)
Target version deleted (~~2.5.1~~)
Affected Version deleted (~~2.5.0~~)

To test:

Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.
Check in the cert manager on the Certificates tab and inspect the certificate details
- Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)
- Note that under the certificate name, it does not state "User Certificate"
- Check in config.xml for the entry and see that the type is empty (<type></type>)

Update to a build with the fix and repeat the test:

The certificate should correctly have "SHA256" as its digest
The certificate should show "User Certificate" under its name in the list
The config.xml entry for the certificate should contain <type>user</type>

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Category changed from Captive Portal to Certificates
Assignee set to Jim Pingle
Target version set to 2.5.1
Affected Version set to 2.5.0

Actions

Copy link

Updated by Viktor Gurov over 3 years ago

Status changed from Feedback to Resolved

Jim Pingle wrote:

To test:

Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default) as the digest algorithm.

Check in the cert manager on the Certificates tab and inspect the certificate details

User created on 2.5.0 with SHA256:

Note that it was incorrectly created with a digest of SHA1 instead of the selected digest (SHA256)

Certificates tab:

Serial: 4
Signature Digest: RSA-SHA1
SAN: DNS:certuser1
KU: Digital Signature, Non Repudiation, Key Encipherment
EKU: TLS Web Client Authentication
Key Type: RSA
Key Size: 2048
...

Note that under the certificate name, it does not state "User Certificate"

Yes

Check in config.xml for the entry and see that the type is empty (<type></type>)

empty <type></type> in config.xml:

<cert>
                <refid>605ad6e7c2e5f</refid>
                <descr><![CDATA[certuser]]></descr>
                <type></type>
                <caref>5dbee81f6b2f9</caref>
...

Update to a build with the fix and repeat the test:

User created on 2.5.1.r.20210323.0300 with SHA256:

The certificate should correctly have "SHA256" as its digest

Serial: 1
Signature Digest: RSA-SHA256
SAN: DNS:certuser1
KU: Digital Signature, Non Repudiation, Key Encipherment
EKU: TLS Web Client Authentication
Key Type: RSA
Key Size: 2048
DN: /CN=certuser1
Hash: 2e51eb15
...

The certificate should show "User Certificate" under its name in the list

Yes

The config.xml entry for the certificate should contain <type>user</type>

<cert>
                <refid>605ad916b2914</refid>
                <descr><![CDATA[certuser1]]></descr>
                <type>user</type>
                <caref>605ad8efac157</caref>

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #11705

Creating a certificate while creating a user does not fully configure the certificate properly

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Viktor Gurov over 3 years ago