IdM/IPA Client Installation Does Not Complete. Cannot obtain CA certificate.
Issue
Bugzilla 915504 made development aware of a problem introduced by the fix for CVE-2012-5484, which addressed a possible MITM attack during the join process.
As a result, it was found that during a join the CA certificate loaded into LDAP is base64-encoded when it should be stored in raw DER format. A client retrieving this base64-encoded certificate expects binary data and may crash.
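A sanity check for the condition described above, as an added example that is not part of the original article or Red Hat's code: given the bytes of a CA certificate value already retrieved from LDAP, it tells raw DER apart from base64 text wrapping DER. The function names and sample bytes are constructed for illustration; the sample is a placeholder DER SEQUENCE, not a real certificate.

```python
import base64
import binascii

# Constructed sample: a 256-byte DER SEQUENCE of zeros (not a real certificate).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
# The same bytes as they look when stored base64-encoded by mistake.
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)


def der_sequence_ok(blob: bytes) -> bool:
    """True if blob is exactly one DER SEQUENCE, the outer shape of an X.509 cert."""
    if len(blob) < 2 or blob[0] != 0x30:      # 0x30 = SEQUENCE tag
        return False
    first = blob[1]
    if first < 0x80:                          # short-form length
        header, length = 2, first
    else:                                     # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)       # no truncation, no trailing bytes


def classify_ca_blob(blob: bytes) -> str:
    """Return 'der', 'pem', 'base64-der' or 'unknown' for a certificate value."""
    if der_sequence_ok(blob):
        return "der"
    text = blob.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem"
    try:
        # Drop line breaks, then require a strictly valid base64 alphabet.
        decoded = base64.b64decode(b"".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    return "base64-der" if der_sequence_ok(decoded) else "unknown"


if __name__ == "__main__":
    print(classify_ca_blob(SAMPLE_DER), classify_ca_blob(SAMPLE_B64))
```

A result of `base64-der` matches the faulty storage format described in this article; `der` is the format a client expects.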
Environment
- Red Hat Enterprise Linux 5 IdM Client
- Red Hat Enterprise Linux 6.4 IdM Server