Error when installing same certificate first as openstack_ca and then as ssl_ca
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Marcelo de Castro Loebens |
Bug Description
Brief Description
-----------------
A warning is shown when a same certificate is installed first as openstack_ca and then as ssl_ca.
Severity
--------
Minor
Steps to Reproduce
------------------
[sysadmin@
+------
| Property | Value |
+------
| uuid | f4dea97b-
| certtype | openstack_ca |
| signature | openstack_
| start_date | 2022-10-19 09:52:17+00:00 |
| expiry_date | 2023-10-19 09:52:17+00:00 |
| subject | CN=internal.
+------
[sysadmin@
WARNING: Some certificates were not installed.
Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : f4dea97b-
Expected Behavior
------------------
[sysadmin@
+------
| Property | Value |
+------
| uuid | f4dea97b-
| certtype | openstack_ca |
| signature | openstack_
| start_date | 2022-10-19 09:52:17+00:00 |
| expiry_date | 2023-10-19 09:52:17+00:00 |
| subject | CN=internal.
+------
[sysadmin@
+------
| Property | Value |
+------
| uuid |xxxxxxxxxxxxxx
| certtype | ssl_ca |
| signature | ssl_ca_
| start_date | 2022-10-19 09:52:17+00:00 |
| expiry_date | 2023-10-19 09:52:17+00:00 |
| subject | CN=internal.
+------
Actual Behavior
----------------
Certificate not installed with a error message:
"Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first."
Reproducibility
---------------
100% reproducible.
System Configuration
-------
simplex, duplex
Branch/Pull Time/Commit
-------
N/A.
Last Pass
---------
N/A.
Timestamp/Logs
--------------
N/A.
Test Activity
-------------
Developer Testing.
Workaround
----------
Change the order.
Install as ssl_ca certificate first then openstack_ca certificate.
Changed in starlingx: | |
assignee: | nobody → Marcelo de Castro Loebens (mdecastr) |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.8.0 stx.security |
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/861659 /opendev. org/starlingx/ config/ commit/ 77bfd8a15fc6fa2 29c223c4dc8baa6 5ca49bdf28
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 77bfd8a15fc6fa2 29c223c4dc8baa6 5ca49bdf28
Author: Marcelo Loebens <email address hidden>
Date: Mon Oct 17 15:22:49 2022 -0400
Fix duplicate subject issue for SSL_CA certs
Fixed an issue where SSL_CA certs were considered duplicate
when installed after other certificate with different
mode but same subject.
Test Plan:
PASS: Install 2 certs with same subject, the first as
OpenStack_ CA mode and the second as SSL_CA. Verify
the installation as successful.
PASS: Install 2 certs with same subject, both as SSL_CA.
Verify the installation is stopped with a warning saying
"Cannot install certificate with same subject."
Closes-Bug: 1993731
Signed-off-by: Marcelo Loebens <email address hidden> 6d08a97505087cc de60b770e5a
Change-Id: I9c7fd91a09a005