Project

General

Profile

Bug #8801

OpenVPN Wizard, User Manager, Cert Manager will place CA CN in the Country Code field of a Certificate

Added by James Dekker 10 months ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
08/18/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.4
Affected Architecture:
All

Description

Go to System Cert Manager > CAs and make a new CA. Go to VPN > OpenVPN and click Wizards. On the first step choose local user access, then next and use the existing CA, then next and click Add new certificate. Notice the Country code is the CA's CN.

18-08-2018_01_13_34.png (19.8 KB) 18-08-2018_01_13_34.png James Dekker, 08/18/2018 12:15 AM
18-08-2018_01_13_22.png (42.1 KB) 18-08-2018_01_13_22.png James Dekker, 08/18/2018 12:15 AM

Associated revisions

Revision 1ec79365 (diff)
Added by Jim Pingle 10 months ago

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no
longer needed in related areas.

History

#1 Updated by Jim Pingle 10 months ago

  • Category set to OpenVPN
  • Status changed from New to This Sprint
  • Assignee set to Jim Pingle
  • Affected Architecture set to All

#2 Updated by Jim Pingle 10 months ago

Fix for this is coming. It affected more than just the OpenVPN wizard. The OpenVPN wizard, cert manager, and User Manager all made incorrect assumptions about the CA subject parameter order and count. They referenced these subject fields by number and not by name, so any CA with less fields than expected would confuse these areas. It actually resulted in the failure to create a new cert for a user entirely as well.

When testing, please check the following areas using a CA that only contains a CN, nothing else:

  • Using the OpenVPN wizard as described in this issue above
  • Creating a new user with a certificate (make the certificate while creating the user -- not after)
  • Create a new server or user certificate from inside the certificate manager, check that the CA fields are populated appropriately when selecting the CA

It would also be worth testing these areas again with a CA that has every field filled in.

#3 Updated by Jim Pingle 10 months ago

  • Status changed from This Sprint to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle 10 months ago

  • Subject changed from OpenVPN Wizard will place CA's CN in the Country Code field of Server Certificate to OpenVPN Wizard, User Manager, Cert Manager will place CA CN in the Country Code field of a Certificate

#5 Updated by Chris Macmahon 10 months ago

  • Status changed from Feedback to Resolved

tested on image 2.4.4.a.20180825.0917 this is no longer happening,
Using the OpenVPN wizard as described in this issue above
-this is resolved.

Creating a new user with a certificate (make the certificate while creating the user -- not after)
-this happened as desired, certificate made with out the country code being populated with ca cn

Create a new server or user certificate from inside the certificate manager, check that the CA fields are populated appropriately when selecting the CA
-this happened as desired, certificate made with out the country code being populated with ca cn

Also available in: Atom PDF