View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001219 | channel: elrepo/el7 | --elrepo--OTHER-- | public | 2022-04-25 16:32 | 2022-04-27 08:47 |
| Reporter | orsty3001 | Assigned To | stindall | ||
| Priority | high | Severity | block | Reproducibility | always |
| Status | resolved | Resolution | no change required | ||
| Summary | 0001219: Secure Boot key is invalid | ||||
| Description | Trying to import the secure boot key and I get this error: Abort!!! ./SECURE-BOOT-KEY-elrepo.org.der is not a valid x509 certificate in DER format | ||||
| Steps To Reproduce | sudo mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der | ||||
| Additional Information | I've tried both the key that was already there and downloaded another key from elrepo. Both give the same error. | ||||
| Tags | No tags attached. | ||||
| Reported upstream | |||||
|
|
Acknowledged. We will investigate. |
|
|
What do you see when you examine the cert with openssl: $ openssl x509 -in SECURE-BOOT-KEY-elrepo.org.der -inform DER -text Certificate: Data: Version: 3 (0x2) Serial Number: e9:d4:71:cf:b4:fe:13:6c Signature Algorithm: sha256WithRSAEncryption Issuer: O=The ELRepo Project (http://elrepo.org), CN=ELRepo.org Secure Boot Key/emailAddress=secure@elrepo.org Validity Not Before: Jul 3 08:20:36 2014 GMT Not After : Jun 28 08:20:36 2034 GMT Subject: O=The ELRepo Project (http://elrepo.org), CN=ELRepo.org Secure Boot Key/emailAddress=secure@elrepo.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:d5:2c:67:c5:5b:b0:5c:8a:96:66:9b:f7:50:ab: a1:01:10:ef:e6:b2:9b:6d:41:0a:71:f1:97:f2:40: f1:69:8e:f6:e4:7e:f2:e1:b3:6d:85:52:a7:d6:4e: 62:6c:4e:b6:b1:6d:32:e7:73:57:01:59:d4:e2:31: 20:59:0c:9c:77:84:e6:22:ca:e1:c7:bb:3a:4b:05: 18:6e:75:f9:d3:8e:93:c6:90:69:5c:bb:94:ef:34: 78:6f:37:47:5d:68:f0:eb:73:fc:ed:3c:8d:72:ea: cc:7f:a5:33:1c:7f:45:0a:9b:02:2b:8a:d2:cc:b6: 6e:fd:6e:2c:4e:16:75:e4:37:8d:2b:09:4f:6c:0d: 7b:2e:61:98:a3:a6:15:2f:7b:c7:11:97:34:aa:f9: 36:62:93:a3:23:ad:ae:91:8c:bc:6f:5a:b6:9a:e5: 61:bb:7e:37:d1:d7:fb:eb:ba:71:cf:21:97:3d:3c: df:a4:8c:dd:d1:29:00:25:b1:67:94:a1:5c:f0:e0: 2b:86:80:45:da:50:0d:6c:77:22:1f:bf:7c:81:3f: a0:10:00:17:41:14:6e:87:d6:ae:14:c9:1d:97:75: d3:16:4a:e4:a4:6d:08:f3:86:dc:93:d8:c9:d4:58: bf:24:20:da:7e:43:22:1b:05:cd:14:12:23:f7:72: a3:cf:dc:a1:07:84:a0:e7:64:b3:cb:88:fb:a3:78: 3c:6c:08:cd:67:40:cb:d3:ec:d5:24:a4:04:f5:b6: 46:a5:21:92:15:ff:49:cd:12:67:62:fa:7c:22:b5: 15:3d:fb:7a:fd:6d:b2:07:d2:0e:9f:46:6e:41:f5: 5e:a9:38:ae:e9:51:04:7c:b3:ee:0d:cc:dc:7a:7b: 81:a0:b8:cb:f0:f9:73:cd:5b:03:4f:d1:bb:e6:2a: 9f:eb:54:00:33:31:33:7d:97:b1:21:b8:8b:3f:5b: 02:f2:f0:e3:4f:06:08:12:6a:9b:3d:ff:ed:32:03: 5c:4b:6a:b5:b6:2e:60:34:37:46:08:e5:02:98:fb: 46:e9:46:0c:fa:18:bc:fd:02:35:69:33:91:d5:7c: 85:d5:bd:ab:74:89:0e:b7:26:90:ab:1e:93:dc:7b: 0e:39:59:1b:0e:b1:35:9b:61:a4:1a:bc:61:ad:e5: b6:ea:b9:09:81:fb:05:05:34:a6:5e:00:0b:6e:a3: 93:28:08:5f:db:43:0c:00:51:45:79:2e:f1:e0:7b: 93:44:d9:dd:bb:0c:8a:e7:82:ad:ac:f6:63:fe:61: 1f:af:31:9a:a9:df:cf:0b:94:5d:9c:20:91:6f:1d: 14:ae:8b:ed:d0:40:cc:9e:69:aa:85:75:05:13:15: b2:54:c3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: Digital Signature X509v3 Subject Key Identifier: F3:65:AD:34:81:A7:B2:0E:34:27:B6:1B:2A:26:63:5B:83:FE:42:7B X509v3 Authority Key Identifier: keyid:F3:65:AD:34:81:A7:B2:0E:34:27:B6:1B:2A:26:63:5B:83:FE:42:7B Signature Algorithm: sha256WithRSAEncryption bd:87:c9:b0:10:7f:9b:b7:79:0d:2e:03:0e:92:ad:90:73:d5: 9a:3b:bc:2f:2e:67:14:c1:31:8f:75:69:6d:7e:74:39:7c:15: dd:7b:c1:a3:ad:68:aa:54:50:99:43:18:be:b2:ce:2f:dc:7f: 9f:48:13:d4:91:00:82:6b:2d:1b:9a:45:1b:d3:bd:70:c5:f9: 5d:eb:f4:ed:c0:7b:c0:e7:90:41:8e:6c:a5:46:9a:92:c6:83: 41:0a:4a:57:61:04:a0:40:28:8d:6c:a9:68:02:9c:52:df:47: 96:9b:a7:1d:b6:28:fd:a3:37:32:26:92:97:77:65:8e:1e:06: b0:f8:5b:72:1e:2d:58:c0:74:ca:c2:ef:26:83:60:e4:85:4f: cd:35:d1:fd:df:15:7c:82:c6:91:aa:90:fb:87:35:00:eb:26: 9c:0d:a8:b4:79:f7:62:85:a4:31:7b:42:ff:7c:ea:38:5f:91: 4f:b1:4b:d0:49:9f:5c:aa:2c:9f:79:91:e9:8c:42:20:eb:f9: df:6c:35:2d:3b:51:57:aa:4b:94:85:21:a9:55:84:31:e7:a0: 92:59:7a:04:0b:4e:1b:e3:ac:a0:4a:c6:84:ce:cb:71:21:7b: 0b:68:8a:c4:46:ec:c3:af:e6:40:2a:3f:e5:a3:75:1f:99:b9: 51:99:de:30:df:c8:37:1a:7a:3f:97:03:73:7a:1d:c0:ff:4f: 3d:82:a1:13:8a:02:4a:41:fa:17:61:a1:81:1c:bc:99:d0:45: 1f:45:6a:41:1d:93:84:66:2d:2f:b6:85:c7:bf:4c:0b:cd:f6: 57:27:de:9e:b0:e1:b3:d1:a6:e8:5d:7d:ac:98:e9:df:27:31: cc:6f:22:10:a6:7c:e4:85:94:cf:f6:20:55:af:bd:0a:72:94: 40:f1:d8:a5:3f:44:67:e6:29:2b:33:ac:2a:ea:ed:c5:9c:c5: 5f:62:18:a6:a2:0d:a3:77:1b:b8:88:7d:2b:0f:47:e4:c5:cc: f2:46:bc:83:e2:0c:59:f5:7e:9f:ba:36:4c:d4:62:83:f9:25: 60:8b:27:ad:f6:b7:68:d4:38:a8:ca:69:d2:34:71:e2:56:af: 9f:16:1b:a0:53:1b:a3:95:95:5b:1b:0f:d6:bc:d2:fa:61:cd: 42:cb:a1:cc:f6:fe:c5:4c:48:34:d5:43:82:59:13:71:e3:7b: d4:0a:7f:e3:0a:b1:aa:50:04:65:97:08:88:49:50:74:c7:5a: ba:e2:79:ac:a2:90:d4:4e:7e:91:79:d4:03:5a:6b:ec:9a:6d: 84:15:76:2f:61:88:20:19:20:20:b7:e3:a7:b9:9f:79:63:09: 9b:2b:01:a2:01:53:6a:d0 -----BEGIN CERTIFICATE----- MIIF0DCCA7igAwIBAgIJAOnUcc+0/hNsMA0GCSqGSIb3DQEBCwUAMHgxLzAtBgNV BAoMJlRoZSBFTFJlcG8gUHJvamVjdCAoaHR0cDovL2VscmVwby5vcmcpMSMwIQYD VQQDDBpFTFJlcG8ub3JnIFNlY3VyZSBCb290IEtleTEgMB4GCSqGSIb3DQEJARYR c2VjdXJlQGVscmVwby5vcmcwHhcNMTQwNzAzMDgyMDM2WhcNMzQwNjI4MDgyMDM2 WjB4MS8wLQYDVQQKDCZUaGUgRUxSZXBvIFByb2plY3QgKGh0dHA6Ly9lbHJlcG8u b3JnKTEjMCEGA1UEAwwaRUxSZXBvLm9yZyBTZWN1cmUgQm9vdCBLZXkxIDAeBgkq hkiG9w0BCQEWEXNlY3VyZUBlbHJlcG8ub3JnMIICIjANBgkqhkiG9w0BAQEFAAOC Ag8AMIICCgKCAgEA1SxnxVuwXIqWZpv3UKuhARDv5rKbbUEKcfGX8kDxaY725H7y 4bNthVKn1k5ibE62sW0y53NXAVnU4jEgWQycd4TmIsrhx7s6SwUYbnX5046TxpBp XLuU7zR4bzdHXWjw63P87TyNcurMf6UzHH9FCpsCK4rSzLZu/W4sThZ15DeNKwlP bA17LmGYo6YVL3vHEZc0qvk2YpOjI62ukYy8b1q2muVhu3430df767pxzyGXPTzf pIzd0SkAJbFnlKFc8OArhoBF2lANbHciH798gT+gEAAXQRRuh9auFMkdl3XTFkrk pG0I84bck9jJ1Fi/JCDafkMiGwXNFBIj93Kjz9yhB4Sg52Szy4j7o3g8bAjNZ0DL 0+zVJKQE9bZGpSGSFf9JzRJnYvp8IrUVPft6/W2yB9IOn0ZuQfVeqTiu6VEEfLPu DczcenuBoLjL8PlzzVsDT9G75iqf61QAMzEzfZexIbiLP1sC8vDjTwYIEmqbPf/t MgNcS2q1ti5gNDdGCOUCmPtG6UYM+hi8/QI1aTOR1XyF1b2rdIkOtyaQqx6T3HsO OVkbDrE1m2GkGrxhreW26rkJgfsFBTSmXgALbqOTKAhf20MMAFFFeS7x4HuTRNnd uwyK54KtrPZj/mEfrzGaqd/PC5RdnCCRbx0Urovt0EDMnmmqhXUFExWyVMMCAwEA AaNdMFswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFPNlrTSB p7IONCe2GyomY1uD/kJ7MB8GA1UdIwQYMBaAFPNlrTSBp7IONCe2GyomY1uD/kJ7 MA0GCSqGSIb3DQEBCwUAA4ICAQC9h8mwEH+bt3kNLgMOkq2Qc9WaO7wvLmcUwTGP dWltfnQ5fBXde8GjrWiqVFCZQxi+ss4v3H+fSBPUkQCCay0bmkUb071wxfld6/Tt wHvA55BBjmylRpqSxoNBCkpXYQSgQCiNbKloApxS30eWm6cdtij9ozcyJpKXd2WO Hgaw+FtyHi1YwHTKwu8mg2DkhU/NNdH93xV8gsaRqpD7hzUA6yacDai0efdihaQx e0L/fOo4X5FPsUvQSZ9cqiyfeZHpjEIg6/nfbDUtO1FXqkuUhSGpVYQx56CSWXoE C04b46ygSsaEzstxIXsLaIrERuzDr+ZAKj/lo3UfmblRmd4w38g3Gno/lwNzeh3A /089gqETigJKQfoXYaGBHLyZ0EUfRWpBHZOEZi0vtoXHv0wLzfZXJ96esOGz0abo XX2smOnfJzHMbyIQpnzkhZTP9iBVr70KcpRA8dilP0Rn5ikrM6wq6u3FnMVfYhim og2jdxu4iH0rD0fkxczyRryD4gxZ9X6fujZM1GKD+SVgiyet9rdo1DioymnSNHHi Vq+fFhugUxujlZVbGw/WvNL6Yc1Cy6HM9v7FTEg01UOCWRNx43vUCn/jCrGqUARl lwiISVB0x1q64nmsopDUTn6RedQDWmvsmm2EFXYvYYggGSAgt+OnuZ95YwmbKwGi AVNq0A== -----END CERTIFICATE----- |
|
|
I'm getting this. ]$openssl x509 -in ./SECURE-BOOT-KEY-elrepo.org.der -inform DER -text unable to load certificate 140579712624528:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1239: 140579712624528:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:405:Type=X509 |
|
|
What's the hash of the cert? $ sha256sum SECURE-BOOT-KEY-elrepo.org.der 8614be58462864707824d63818f07c4d2007572aeca877faf3d92275c1440b89 SECURE-BOOT-KEY-elrepo.org.der |
|
|
I got a different sha256sum so I downloaded it again today. The file I downloaded was smaller and matched what you posted there. I was able to install it. If you're curious I can upload the file I got originally. This part of the installation seems to be working now. |
|
|
Great, glad it's resolved. Where did you download the corrupt file - can you remember? It would be useful to check if a mirror has corrupt content or if it got corrupted whilst downloading onto your system. Thanks |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-04-25 16:32 | orsty3001 | New Issue | |
| 2022-04-25 16:32 | orsty3001 | Status | new => assigned |
| 2022-04-25 16:32 | orsty3001 | Assigned To | => stindall |
| 2022-04-25 16:34 | toracat | Status | assigned => acknowledged |
| 2022-04-25 16:34 | toracat | Note Added: 0008332 | |
| 2022-04-25 17:59 | pperry | Note Added: 0008333 | |
| 2022-04-26 13:00 | orsty3001 | Note Added: 0008336 | |
| 2022-04-26 18:35 | pperry | Note Added: 0008337 | |
| 2022-04-27 08:40 | orsty3001 | Note Added: 0008338 | |
| 2022-04-27 08:46 | pperry | Note Added: 0008339 | |
| 2022-04-27 08:47 | pperry | Status | acknowledged => resolved |
| 2022-04-27 08:47 | pperry | Resolution | open => fixed |
| 2022-04-27 08:47 | pperry | Resolution | fixed => no change required |
