Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-81728

cockpit-ws generates too weak certificates if "sscg" package is not installed and crypto policy is set to FUTURE

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-9.7
    • rhel-9.5, rhel-9.6
    • cockpit
    • None
    • rhel-cockpit
    • ssg_front_door
    • 2
    • Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      This is a continuation of RHEL-78645.
      If sscg package is not installed, /usr/libexec/cockpit-certificate-helper relies on some openssl command to generate the certificate.
      But the command fails to generate the proper certificate because of two JIRAs:

      What is the impact of this issue to you?

      Compliance

      Please provide the package NVR for which the bug is seen:

      cockpit-ws-323.1-1.el9_5.x86_64 and upcoming RHEL9.6 GA package

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Remove sscg package
      2. Regenerate the certificate

      Expected results

      3072 bits RSA key

      Actual results

      2048 bits RSA key

              rhn-engineering-mpitt Martin Pitt
              rhn-support-rmetrich Renaud Métrich
              RH Bugzilla Integration RH Bugzilla Integration
              Jan Scotka Jan Scotka
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: