[dev.icinga.com #11159] Common name in node wizard isn't case sensitive

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11159

Created by rafael.voss on 2016-02-15 11:16:53 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2016-03-11 13:25:03 +00:00)
Target Version: 2.4.4
Last Update: 2016-03-11 14:57:17 +00:00 (in Redmine)

Icinga Version: 2.4.1
Backport?: Already backported
Include in Changelog: 1

---

If you use "icinga2.exe node wizard" and you have a hostname with uppercase letters, the certificate creation will fail as the wizard uses a lowercase hostname, regardless what you have entered as common name or zonename.

Attachments

• icinga2_11159_windows_node_wizard_fixed.png mfriedrich - 2016-03-11 13:19:39 +00:00
• icinga2_11159_windows_node_wizard_problem.png mfriedrich - 2016-03-11 13:19:39 +00:00

Changesets

2016-03-11 13:22:24 +00:00 by mfriedrich 4746b21

Fix: Common name in node wizard isn't case sensitive

fixes #11159

2016-03-11 14:57:10 +00:00 by mfriedrich 5516427

Fix: Common name in node wizard isn't case sensitive

fixes #11159

---

Relations:

• relates #11159

[icinga-migration]

Updated by mfriedrich on 2016-02-24 20:00:38 +00:00

DNS names, as in the FQDN, are always case insensitive. https://tools.ietf.org/html/rfc4343 Therefore the lowercase notation is correct about it. You're probably using the Windows AD names which do not care about upper and lower case characters. The SSL certification CN is also case insensitive, so imho we're on the safe side to use the lowercase notation enforcing a clear specification for names amongst multiple operating systems.

[icinga-migration]

Updated by mfriedrich on 2016-02-24 20:03:01 +00:00

• Status changed from New to Feedback
• Assigned to set to rafael.voss

Do you have an example for when the wizard is failing? (screenshot)

[icinga-migration]

Updated by rafael.voss on 2016-02-24 20:44:08 +00:00

here is the Output from the wizard. As you can see the "Please specifiy the local zone name [my_little_hostname]:" is already in lowercase. With lowercase the certificate fetch will fail, as the ticket was generated for uppercase hostname.

c:\Program Files (x86)\ICINGA2\sbin>icinga2.exe node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.



Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]:
Starting the Node setup routine...
Please specifiy the common name (CN) [XXXXXXXXX]: my_little_HOSTNAME
Please specifiy the local zone name [my_little_hostname]: my_little_HOSTNAME
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): xxxx.xxxx.de
Do you want to establish a connection to the master from this node? [Y/n]:
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 192.168.1.2
Master endpoint port [5665]:
Add more master endpoints? [y/N]:
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [192.168.1.2]:
Port [5665]:
information/base: Writing private key to 'C:\Program Files (x86)\ICINGA2\etc/icinga2/pki/my_little_hostname.key'.
information/base: Writing X509 certificate to 'C:\Program Files (x86)\ICINGA2\etc/icinga2/pki/my_little_hostname.crt'.
information/cli: Fetching public certificate from master (192.168.1.2, 5665):

Certificate information:

 Subject:     CN = xxxx.xxxx.de
 Issuer:      CN = Icinga CA
 Valid From:  Feb 25 22:01:30 2015 GMT
 Valid Until: Feb 17 22:01:30 2045 GMT
 Fingerprint: XX XX ....

Is this information correct? [y/N]: y
information/cli: Received trusted master certificate.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'my_little_hostname'): xxxxx
information/cli: Requesting certificate with ticket 'xxxxx'.

information/cli: Created backup file 'C:\Program Files (x86)\ICINGA2\etc/icinga2/pki/my_little_hostname.crt.orig'.
critical/cli: Invalid ticket.
critical/cli: Failed to fetch signed certificate from master '192.168.1.2, 5665'. Please try again.
Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'my_little_hostname'):

[icinga-migration]

Updated by mfriedrich on 2016-02-24 23:35:05 +00:00

• Relates set to 9898

[icinga-migration]

Updated by mfriedrich on 2016-03-10 16:37:20 +00:00

• Status changed from Feedback to Assigned
• Assigned to changed from rafael.voss to mfriedrich
• Target Version set to 2.5.0

[icinga-migration]

Updated by mfriedrich on 2016-03-11 13:19:44 +00:00

• File added icinga2_11159_windows_node_wizard_fixed.png
• File added icinga2_11159_windows_node_wizard_problem.png
• Target Version changed from 2.5.0 to 2.4.4

Problem

Fixed

[icinga-migration]

Updated by mfriedrich on 2016-03-11 13:21:54 +00:00

• Subject changed from Windows Remote Client/Agent node wizard isn't case sensitive. to Common name in node wizard isn't case sensitive

[icinga-migration]

Updated by mfriedrich on 2016-03-11 13:25:03 +00:00

• Status changed from Assigned to Resolved
• Done % changed from 0 to 100

Applied in changeset 4746b21.

[icinga-migration]

Updated by mfriedrich on 2016-03-11 14:57:17 +00:00

• Backport? changed from Not yet backported to Already backported