Bug 1098208

Summary: Rebase certmonger to include the ability to add IPA CA cert to NSS database (and files)
Product: Red Hat Enterprise Linux 6
Reporter: Nalin Dahyabhai <nalin>
Component: certmonger
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA
QA Contact: Kaleem <ksiddiqu>
Severity: unspecified
Priority: medium
Version: 6.5
CC: dpal, jgalipea, jpazdziora, kchamart, mharmsen, nalin, nsoman, rcritten
Target Milestone: rc
Keywords: FutureFeature, Rebase
Hardware: Unspecified
OS: Unspecified
Fixed In Version: certmonger-0.75.2-1.el6
Doc Type: Rebase: Bug Fixes and Enhancements
Clone Of: 767700
Last Closed: 2014-10-14 07:12:39 UTC
Bug Depends On: 759545, 767700, 817405
Bug Blocks: 1103090

Description Nalin Dahyabhai 2014-05-15 13:28:28 UTC
One of the use cases we're trying to address in the next update is this one, which is a specific instance of the general problem of fetching and storing the certificates of a CA's root certificate that we trust, along with any that are between that root and the certificates that the CA issues to us.

Adding logic to delegate this out to per-CA helpers, run them, cache their results internally, and add options to the 'getcert' commands which let people control where we actually store them is turning out to be a rather large patchset, to the point where I'd be much more comfortable if we rebased the package.

Comment 3 Kaleem 2014-08-22 05:40:05 UTC
Verified.

certmonger version:
===================
[root@rhel66-master ~]# rpm -q certmonger
certmonger-0.75.13-1.el6.x86_64
[root@rhel66-master ~]

Snip from beaker automation log:
================================
   [   PASS   ]      TC1_getcert_request   Valid location with -F parameter
   [   PASS   ]      TC2_getcert_request   Invalid location with -F parameter
   [   PASS   ]      TC3_getcert_request   empty -F parameter
   [   PASS   ]      TC4_getcert_request   CA already exist in provided file location
   [   PASS   ]      TC5_getcert_request   Valid nss db location
   [   PASS   ]      TC6_getcert_request   Invalid nss db location
   [   PASS   ]      TC7_getcert_request   Empty nss db location
   [   PASS   ]      TC8_getcert_request   CA already exists
   [   PASS   ]      TC9_getcert_resubmit   Valid location with -F parameter
   [   PASS   ]      TC10_getcert_resubmit   Invalid location with -F parameter
   [   PASS   ]      TC11_getcert_resubmit   empty -F parameter
   [   PASS   ]      TC12_getcert_resubmit   CA already exist in provided file location
   [   PASS   ]      TC13_getcert_resubmit   Valid location with -a parameter
   [   PASS   ]      TC14_getcert_resubmit   Invalid location with -a parameter
   [   PASS   ]      TC15_getcert_resubmit   empty -a parameter
   [   PASS   ]      TC16_getcert_resubmit   CA already exist in provided nss db location
   [   PASS   ]      TC17_getcert_start_tracking   Valid location with -F parameter
   [   PASS   ]      TC18_getcert_start_tracking   Invalid location with -F parameter
   [   PASS   ]      TC19_getcert_start_tracking   empty -F parameter
   [   PASS   ]      TC20_getcert_start_tracking   CA already exist in provided file location
   [   PASS   ]      TC21_getcert_start_tracking   Valid location with -a parameter
   [   PASS   ]      TC22_getcert_start_tracking   Invalid location with -a parameter
   [   PASS   ]      TC23_getcert_start_tracking   empty -a parameter
   [   PASS   ]      TC24_getcert_start_tracking   CA already exist in provided nss db location

Comment 4 errata-xmlrpc 2014-10-14 07:12:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1512.html