Bug 1248725
Summary: | ipa cert-request for new certificate profile internal error | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Scott Poore <spoore> | ||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Namita Soman <nsoman> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.2 | CC: | rcritten | ||||
Target Milestone: | rc | Keywords: | TestBlocker | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-08-04 13:36:27 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1200694 | ||||||
Attachments: |
|
Description
Scott Poore
2015-07-30 17:15:54 UTC
Created attachment 1057764 [details]
pki debug log
Thank you for detailed transcript. The problem is: cp /usr/share/ipa/profiles/caIPAserviceCert.cfg /tmp/cert_profile_smime.cfg The files in /usr/share/ipa/profiles/ are _templates_ for the default profile(s) in IPA. They contain variables that need to be substituted and are not valid profile configurations until these substitutions are performed. These substitutions are performed automatically during install / upgrade. In short, they are not for end-user / administrator consumption. To copy the actual caIPAserviceCert configuration, execute: ipa certprofile-show --out /tmp/cert_profile_smime.cfg caIPAserviceCert The fact that the invalid profile configuration was accepted needs more investigation, but that is probably for a separate ticket. Ah, that's right--the variables. Yeah, that resolved my issue: [root@master ~]# ipa cert-request testuser1.csr --profile-id=cert_profile_smime --principal=testuser1 Certificate:... Subject: CN=testuser1,O=TESTRELM.TEST Issuer: CN=Certificate Authority,O=TESTRELM.TEST Not Before: Tue Aug 04 13:33:43 2015 UTC Not After: Fri Aug 04 13:33:43 2017 UTC Fingerprint (MD5): ... Fingerprint (SHA1): ... Serial number: 14 Serial number (hex): 0xE I'll close this bug and move the RFE back to ON_QA. I'll open a separate bug for the case of accepting invalid config. Thanks, Scott fyi, I opened bug #1250093 for the importing of invalid config. |