Can't Validate CA Certificates 22.04

Bug #2007685 reported by Jimothy
Affects: certmonger (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

I have a Puppet script that issues 802.1x certificates for networking. This process works fine on previous versions of Ubuntu LTS. However, when the same process runs on 22.04, it reports an issue verifying the signature on the server, to do with the CA.

Usually, the root and CA certs are added with getcert add-scep-ca. I then run getcert list-cas, which shows the CAs are present. No error is seen at this point.

When I run my getcert request command to get the key pair, it only managed to create the client.key. When I run getcert list, I get the following:

Number of certificates and requests being tracked: 1.
Request ID '20230214151328':
    status: CA_UNREACHABLE
    ca-error: Error: failed to verify signature on server response. error:10800075:PKCS7 routines::certificate verify error
    stuck: no
    key pair storage: type=FILE,location='/etc/ssl/private/802/client.key',pin set
    certificate: type=FILE,location='/etc/ssl/private/802/client.pem'
    signing request thumbprint (MD5): F966FE33 9776517E 9E12C712 244780FF
    signing request thumbprint (SHA1): 7D0099AE B85C6CBB E5910E2B 98A52D9A BC347A5C
    CA: lboro-ca
    issuer:
    subject:
    issued: unknown
    expires: unknown
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes

Bernard pointed out that some dbus changes in the Ubuntu 22.04 version could have been an issue. These seem to reference org.fedorahosted.certmonger, which doesn't seem Ubuntu-centric. https://answers.launchpad.net/ubuntu/+source/certmonger/+question/705044

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: certmonger 0.79.14+git20211010-2ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-58.64-generic 5.15.74
Uname: Linux 5.15.0-58-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
Date: Fri Feb 17 12:20:40 2023
InstallationDate: Installed on 2023-02-08 (9 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: certmonger
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2023-02-08T12:50:10.445988
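
Added example (not part of the original report and not certmonger code): a Python parser for the getcert list output quoted above. It flags unhealthy requests and separates a response-verification failure from other errors, since the status field alone reads CA_UNREACHABLE. The second request in the sample and the function names are constructed for illustration.

```python
import re

# Constructed sample: first request copies fields from the report, second is invented.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20230214151328':
    status: CA_UNREACHABLE
    ca-error: Error: failed to verify signature on server response. error:10800075:PKCS7 routines::certificate verify error
    stuck: no
    CA: lboro-ca
    expires: unknown
Request ID 'constructed-healthy':
    status: MONITORING
    stuck: no
    CA: lboro-ca
    expires: 2024-02-14 15:13:28 UTC
"""

REQUEST_RE = re.compile(r"^Request ID '([^']*)':\s*$")

def parse_getcert_list(text):
    """Return {request_id: {field: value}} parsed from `getcert list` output."""
    requests, current = {}, None
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            current = requests.setdefault(match.group(1), {})
        elif current is not None and line[:1].isspace() and ":" in line:
            # Split on the first colon only; ca-error values contain more.
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return requests

def triage(text):
    """List (request_id, ca, reason) for every request that is not healthy."""
    findings = []
    for req_id, fields in parse_getcert_list(text).items():
        error = fields.get("ca-error", "")
        if fields.get("status") == "MONITORING" and not error:
            continue
        # A signature failure means a response arrived, so the status
        # CA_UNREACHABLE alone would point triage at connectivity.
        if "failed to verify signature" in error:
            reason = "response-verification"
        else:
            reason = "other: " + (error or fields.get("status", "unknown"))
        findings.append((req_id, fields.get("CA", ""), reason))
    return findings
```

Calling triage() on the real output of getcert list returns one tuple per failing request, which a Puppet fact or monitoring check can report per host.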

Jimothy (jambonum5) wrote :

I have just tried tailing the certmonger service log and it is reporting issues resolving the hostname. This is odd, as the main system is able to contact the address with no problem.

Error 6 connecting to http://somewhere.ac.uk/scep/1/gCL2ncRDUGl90F4zcUtm/: Couldn't resolve host name

Jimothy (jambonum5)
description: updated
summary: - Can't Validate CA Certifcates
+ Can't Validate CA Certificates 22.04
Jimothy (jambonum5) wrote :

Is there anyone that can advise on this problem? I'm getting the impression that this is down to the more up-to-date libssl package. I seem to get the same reason on a RHEL system too.

Really struggling to find a way around the issue. I tried compiling certmonger from scratch but could successfully build it, even when I finally managed to get the dependencies installed.

Jimothy (jambonum5) wrote :

It looks like there has been a patch published to fix this issue...

https://launchpad.net/ubuntu/+source/certmonger/0.79.14+git20211010-2ubuntu1.1
