Bug 756014

Summary: Yast2 CA-Management - Possibly unusable server certificate
Product: [openSUSE] openSUSE 11.4 Reporter: Andreas Schallenberg <andreas.schallenberg>
Component: YaST2Assignee: Michael Calmer <mc>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None    
Version: Final   
Target Milestone: Factory   
Hardware: x86-64   
OS: openSUSE 11.4   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Yast2 logs

Description Andreas Schallenberg 2012-04-06 10:48:13 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) konqueror/4.7.2 Safari/534.34

When exporting a server certificate for the server the yast is running on, I get the message:

"Warnung

Der allgemeine Name des Zertifikats (XXXXX.stratoserver.net) ist nicht der Name des Servers ().
Dieses Zertifikat ist möglicherweise nicht als allgemeines Server-Zertifikat geeignet."

My translation:
"The common name of the certificate (XXXXX.stratoserver.net) is not the one of the server ().
It may be not suitable for a common server certificate."

I replaced the real server name with XXXXX. The reported name of the server is empty though. I don't know if this warning is true (and just the message does not display my server name), if there is a real difference (then: what is the detected server name?) or even if there is an issue detecting the server name at all.

Since I have other issues (TLS not working) with that device I'm sure there is something wrong with the config of the server but I cannot tell if this is a false warning or part of my problem.



Reproducible: Always

Steps to Reproduce:
1. Start Yast2 CA Management
2. Pick a CA and enter
3. Choose a certificate and export it as a common server certificate


Expected Results:  
At least report the server name in braces.
Comment 1 Kun Kun Zhang 2012-04-09 03:25:17 UTC 
Hi,thank you for your report.could you please help to provide y2logs according to the following URL?Thank you.
http://en.opensuse.org/openSUSE:Bugreport_YaST.
Comment 2 Andreas Schallenberg 2012-04-09 20:33:59 UTC 
Created attachment 485368 [details]
Yast2 logs
Comment 3 Michael Calmer 2012-04-12 09:44:17 UTC 
yast2 ca-management calles "hostname --long" and compare the output with the servername of the certificate.

It looks like that the network configuration of your server is broken and "hostname --long" returns an error or nothing.

This may also be the reason for other problems you see.

Please check our DNS setup and/or /etc/hosts . Wrong values in /etc/resolv.conf may also be root of these problems.
Comment 4 Andreas Schallenberg 2012-04-12 12:29:51 UTC 
You are right:

# hostname --long
hostname: Der Name oder der Dienst ist nicht bekannt

(Engl. transl.: "The name or service is unknown").

How about reporing a hint to the user that the "hostname --long" failed and the hostname setup should be fixed? That would put future users on the right track.

Thank you!
Comment 5 Andreas Schallenberg 2012-04-12 17:00:49 UTC 
For the record: I needed to add a line reading "domain stratoserver.net" to resolv.conf. Now "hostname --long" works and the message given by YaST2 doesn't appear anymore.
Comment 6 Michael Calmer 2012-04-25 09:16:19 UTC 
I added a Warning popup with a Details button in Factory which give such a hint.
Comment 7 Bernhard Wiedemann 2012-04-25 10:00:17 UTC 
This is an autogenerated message for OBS integration:
This bug (756014) was mentioned in
https://build.opensuse.org/request/show/115287 Factory / yast2-ca-management