Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dev.icinga.com #10074] Missing zero padding for generated CA serial.txt #3369

Closed
icinga-migration opened this issue Sep 1, 2015 · 3 comments
Closed

[dev.icinga.com #10074] Missing zero padding for generated CA serial.txt #3369

icinga-migration opened this issue Sep 1, 2015 · 3 comments
Labels
bug Something isn't working
Milestone
2.3.10

Comments

@icinga-migration
Copy link

This issue has been migrated from Redmine: https://dev.icinga.com/issues/10074

Created by jflach on 2015-09-01 16:01:26 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2015-09-03 15:12:15 +00:00)
Target Version: 2.3.10
Last Update: 2015-09-03 15:19:34 +00:00 (in Redmine)

Icinga Version: 2.4.0
Backport?: Already backported
Include in Changelog: 1

$ openssl x509 -req -in client.req [...]
unable to load number from /var/lib/icinga2/ca/serial.txt
140112921380496:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:215:
$ cat /var/lib/icinga2/ca/serial.txt
3

serials have to be two digit numbers, '03' in this case.

Changesets

2015-09-03 15:12:01 +00:00 by mfriedrich 9a2ae6e

Fix missing zero padding for generated CA serial

fixes #10074

2015-09-03 15:17:03 +00:00 by mfriedrich c953104

Fix missing zero padding for generated CA serial

fixes #10074
@icinga-migration
Copy link
Author

Updated by mfriedrich on 2015-09-03 15:08:19 +00:00

  • Subject changed from Icinga2 node wizard creates invalid serial.txt to Missing zero padding for generated CA serial.txt
  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Target Version set to 2.4.0

Ok, I'm able to reproduce it:

# openssl req -key nbmif.int.netways.de.key -new -out client.req

# cat /var/lib/icinga2/ca/serial.txt
9

# openssl x509 -req -in client.req -CA /var/lib/icinga2/ca/ca.crt -CAkey /var/lib/icinga2/ca/ca.key -CAserial /var/lib/icinga2/ca/serial.txt -out client.pem
Signature ok
subject=/C=DE/L=Default City/O=Default Company Ltd
Getting CA Private Key
unable to load number from /var/lib/icinga2/ca/serial.txt
139696169211768:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:215:

The problem comes from padding zeros required for openssl serials. See http://stackoverflow.com/a/10632725

Fix

# openssl x509 -req -in client.req -CA /var/lib/icinga2/ca/ca.crt -CAkey /var/lib/icinga2/ca/ca.key -CAserial /var/lib/icinga2/ca/serial.txt -out client.pem
Signature ok
subject=/C=DE/L=Default City/O=Default Company Ltd
Getting CA Private Key

@icinga-migration
Copy link
Author

Updated by mfriedrich on 2015-09-03 15:12:15 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset 9a2ae6e.

@icinga-migration
Copy link
Author

Updated by mfriedrich on 2015-09-03 15:19:34 +00:00

  • Target Version changed from 2.4.0 to 2.3.10
  • Backport? changed from TBD to Yes

@icinga-migration icinga-migration added bug Something isn't working libbase labels Jan 17, 2017
@icinga-migration icinga-migration added this to the 2.3.10 milestone Jan 17, 2017
@dnsmichi dnsmichi mentioned this issue Aug 23, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
2.3.10
Development

No branches or pull requests
1 participant
@icinga-migration