fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Request CSR sometimes produces invalid certificate #21665

Closed gillespi314 closed 1 month ago

gillespi314 commented 1 month ago

Fleet version: feat-multiple-abm-vpp-tokens

Web browser and operating system:


💥  Actual behavior

After resetting the Fleet database, I tried turning on Apple MDM. I used the "Request CSR" button and attempted to upload the CSR to APNS. Apple rejected the upload because the CSR was invalid. I eventually reset the database again so that Fleet would generate a new CSR. Apple accepted the new CSR.

🧑‍💻  Steps to reproduce

See above. It probably won't reproduce on the first try. I think this requires a certain combination of characters that will depend on the randomness of the crypto operations.

🕯️ More info (optional)

It seems like there might be some edge cases where values aren't being translated properly across different encodings and invalid characters are slipping into the mix. Perhaps new lines or other symbol combinations happen every so often. I recall something similar occurring with FileVault keys. In that case, it was something to do with how Go was processing file lines.

roperzh commented 1 month ago

We confirmed this was an issue in https://identity.apple.com/ that has been solved.

fleet-release commented 1 month ago

CSR errors we mend, Fleet's strength in random blend, Trust in code, our friend.