Guest

Preview Tool

Cisco Bug: CSCuq34684 - CSR content is not showing correctly under OSAdministration page.

Last Modified

Mar 05, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.98000.201)

Description (partial)

Symptom:
Generate a new CSR and click on the "CSR Only" certificate in OSAdministrator page.

Conditions:
When logging into the CUCM Server's OSAdministration page and create a CSR to be signed, when we have a look at this CSR, we get the following:


PKCS10 Request: [
Version: 0
Subject: SERIALNUMBER=a9f39dcaa3e4d422f71a715c8d8da3ea29080cd996a4b83a35e19ae364a65762, CN=UCCE-CUCM.farbzi.com, OU=Pacific Highway, O=Cisco Systems, L=St Leonards, ST=NSW, C=AU
SubjectPKInfo: RSA (1.2.840.113549.1.1.1)
Key value: 3082010a0282010100a65551703bd431d95ac08c27117c48b516c73c0e73495955ee71ce5581e3683f49dba0661d86775194902217eed35dfde3e0d37e56fd3c0959a404c9ed1ae4aebd40de8522e4e21eebf925accb0e0ff892eb94c3489a9ecba9d53db0cac0bc9f5031d84ec4341a8003a104f43919a078cd557de333791c9c5666b92e186b63bdfa6b44f4b4373c2c418a022f7c84bea4ee9ed42035abe78c351994020731b170fc05ec8eda30783f2d604f832015e7563bd1acaadc6b684c39a74603c167e0b2719501b82c4c7c76d39048ccdfdcf2c59952d941201c98acb4d78b71b30afc94b88cde992822f4fd6ba9c2954eb969860b41260baf457c0c8f49e9ff46e4dc030203010001
Attributes: [
Requested Extensions [ 
ExtKeyUsage [
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.5
]
KeyUsage [
nonRepudiation, dataEncipherment, keyAgreement, keyCertSign, ]
SubjectAltName [
farbzi.com (dNSName)
UCCE-CUCM.farbzi.com (dNSName)
]
]
]



I logged into the root and navigated to the Tomcat CSR and ran the OpenSSL command and I get this for the CSR:
[root@UCCE-CUCM keys]# openssl req -text -noout -verify -in tomcat.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, ST=NSW, L=St Leonards, O=Cisco Systems, OU=Pacific Highway, CN=UCCE-CUCM.farbzi.com/serialNumber=a9f39dcaa3e4d422f71a715c8d8da3ea29080cd996a4b83a35e19ae364a65762
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a6:55:51:70:3b:d4:31:d9:5a:c0:8c:27:11:7c:
48:b5:16:c7:3c:0e:73:49:59:55:ee:71:ce:55:81:
e3:68:3f:49:db:a0:66:1d:86:77:51:94:90:22:17:
ee:d3:5d:fd:e3:e0:d3:7e:56:fd:3c:09:59:a4:04:
c9:ed:1a:e4:ae:bd:40:de:85:22:e4:e2:1e:eb:f9:
25:ac:cb:0e:0f:f8:92:eb:94:c3:48:9a:9e:cb:a9:
d5:3d:b0:ca:c0:bc:9f:50:31:d8:4e:c4:34:1a:80:
03:a1:04:f4:39:19:a0:78:cd:55:7d:e3:33:79:1c:
9c:56:66:b9:2e:18:6b:63:bd:fa:6b:44:f4:b4:37:
3c:2c:41:8a:02:2f:7c:84:be:a4:ee:9e:d4:20:35:
ab:e7:8c:35:19:94:02:07:31:b1:70:fc:05:ec:8e:
da:30:78:3f:2d:60:4f:83:20:15:e7:56:3b:d1:ac:
aa:dc:6b:68:4c:39:a7:46:03:c1:67:e0:b2:71:95:
01:b8:2c:4c:7c:76:d3:90:48:cc:df:dc:f2:c5:99:
52:d9:41:20:1c:98:ac:b4:d7:8b:71:b3:0a:fc:94:
b8:8c:de:99:28:22:f4:fd:6b:a9:c2:95:4e:b9:69:
86:0b:41:26:0b:af:45:7c:0c:8f:49:e9:ff:46:e4:
dc:03
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Subject Alternative Name:
DNS:farbzi.com, DNS:UCCE-CUCM.farbzi.com
Signature Algorithm: sha256WithRSAEncryption
67:3e:1a:3a:5f:14:c0:ca:56:76:ea:b4:15:fe:9e:d7:0f:a0:
bd:8d:ae:ee:7a:5a:75:c0:2c:17:ee:cf:a1:e9:c4:a0:49:eb:
a4:53:ba:fe:42:b7:52:16:b1:55:a1:67:95:fa:3c:c7:18:1b:
1c:fb:95:06:a1:76:c8:71:b0:b3:be:e7:7f:3e:81:1a:62:e9:
e4:70:b6:2d:ba:3b:40:87:14:b2:ed:e4:24:b9:ca:20:4f:fa:
5e:c4:e0:52:83:64:08:11:ae:55:0e:8b:36:a1:39:28:a8:ab:
ab:ab:e2:1e:59:2a:9c:7c:57:5c:eb:a4:1f:35:c0:55:47:71:
ad:a9:44:0c:91:2e:6f:e4:5d:43:14:a1:8f:16:94:d2:9d:cc:
4e:a8:9f:de:a1:ee:c3:3c:d2:f5:ae:67:db:e6:be:1d:9c:52:
ee:a3:01:4b:48:90:f6:e5:57:29:ed:e8:4c:5b:1c:e9:e1:89:
9d:f6:db:9f:52:e0:e8:14:6c:88:f9:e0:41:99:67:60:23:c8:
53:62:de:1b:ad:6e:18:dc:3f:75:ba:4f:2a:91:07:d0:50:ed:
bf:75:a8:b6:ae:32:ed:dc:be:c4:a8:0f:87:9e:66:c6:70:85:
c1:e0:1d:53:84:9d:78:a3:90:d8:91:9c:9e:e6:1c:69:ee:8a:
1e:a9:6d:90
[root@UCCE-CUCM keys]#

Keyusage as shown in different and incorrect
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.