Closed sitaramkm closed 4 years ago
Hi @sitaramkm, could you try again? Just tried on your server and got normal OU in the cert:
```
$ openssl x509 -in /tmp/etc/ssl/venafi.example.cert-with-chain1.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:00:00:00:28:88:c9:76:6c:d4:dc:3e:e3:00:00:00:00:00:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: DC=com, DC=vnfi-demo, CN=vnfi-demo-ca
Validity
Not Before: Nov 12 09:21:24 2019 GMT
Not After : Nov 11 09:21:24 2020 GMT
Subject: C=US, ST=UT, L=Salt Lake City, O=Venafi, Inc., OU=Cloud Automation, CN=xcxc1234vsvxzxz-rsa11-tpp.venafi.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
$ cat /tmp/etc/ssl/venafi.example.cert-with-chain1.pem
```
Also, what Python version, OS and locale are you using?
2.7, Ubuntu 19.10 and en_US. Looks like this is a non-issue considering there was a mismatch with the version of vcert and the CSR. I will close this issue.
I don't think this is fixed. I can still reproduce with the latest code.
I have vcert 0.68 and ansible role 0.2.1
Original issue was addressed by https://github.com/Venafi/vcert-python/pull/25, https://github.com/Venafi/ansible-role-venafi/pull/10 and https://github.com/Venafi/ansible-role-venafi/pull/12. Secondary issue was re-reported in https://github.com/Venafi/ansible-role-venafi/issues/16.
PROBLEM SUMMARY
The organization unit value is incorrectly set with additional brackets in the issued certificate.

STEPS TO REPRODUCE
Set up CA, and then create a sample policy folder. In the Certificate tab of policy set up the Subject DN. All values for Subject DN are in unlocked state. See screenshot below for values

Run a simple Ansible venafi playbook. See below `---

EXPECTED RESULTS
Certificate to be issued

ACTUAL RESULTS
Certificate is issued but the OU value is incorrect. It does not match the value in the policy. See screenshot below. The value of OU must be `Automation Team`. However it shows as `[u'Automation Team']`

ENVIRONMENT DETAILS
vcert 0.6.8
Venafi Ansible Role GitHub:Latest

COMMENTS/WORKAROUNDS
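
The symptom in this report, an OU that reads `[u'Automation Team']`, has the shape of a Python 2 list printed as text. The following check is an added example, not code from this thread, vcert or the Ansible role: it takes a one-line subject as openssl prints it and flags such values. The function names and the `BAD` subject are constructed for illustration, and reading the brackets as a list's text form is an assumption.

```python
import ast
import re

# Split only at a comma followed by "KEY=", so a comma inside a value
# (O=Venafi, Inc.) does not start a new attribute.
_RDN_SPLIT = re.compile(r",\s*(?=[A-Za-z][A-Za-z0-9.]*\s*=)")


def parse_subject(subject):
    """Return [(key, value), ...] from an openssl-style one-line subject."""
    pairs = []
    for part in _RDN_SPLIT.split(subject.strip()):
        key, _, value = part.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def list_repr_values(value):
    """If value is the text form of a Python list of strings, return the list."""
    if not (value.startswith("[") and value.endswith("]")):
        return None
    try:
        parsed = ast.literal_eval(value)  # parses literals only, runs no code
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None
    if isinstance(parsed, list) and parsed and all(isinstance(v, str) for v in parsed):
        return parsed
    return None


def audit_subject(subject, expected_ou):
    """Return findings as (attribute, value in cert, problem) tuples."""
    findings = []
    pairs = parse_subject(subject)
    for key, value in pairs:
        if list_repr_values(value) is not None:
            findings.append((key, value, "list repr leaked into subject"))
    ous = [v for k, v in pairs if k == "OU"]
    if expected_ou not in ous:
        findings.append(("OU", ", ".join(ous), "expected %r" % expected_ou))
    return findings


# GOOD is the subject from the openssl output on this page. BAD is constructed:
# only its OU value comes from the report, the other fields are placeholders.
GOOD = ("C=US, ST=UT, L=Salt Lake City, O=Venafi, Inc., OU=Cloud Automation, "
        "CN=xcxc1234vsvxzxz-rsa11-tpp.venafi.com")
BAD = "C=US, O=Venafi, Inc., OU=[u'Automation Team'], CN=host.example.com"

if __name__ == "__main__":
    for subj, ou in ((GOOD, "Cloud Automation"), (BAD, "Automation Team")):
        print(audit_subject(subj, ou))
```

Run after issuance, a check like this fails the playbook when the certificate's OU does not match the policy value instead of leaving the mismatch to be found by inspection.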