Bug 1334582
Summary: | Inconsistent UI and CLI options for removing certificate hold | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Aneta Šteflová Petrová <apetrova> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | pvoborni, rcritten, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 05:53:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Aneta Šteflová Petrová
2016-05-10 06:15:49 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5878 Verified. Version :: ipa-server-4.4.0-12.el7.x86_64 Results :: ### Setup: Create user with certificate [root@vm1 ~]# ipa user-add bz1334582_0 --first=f --last=l ------------------------ Added user "bz1334582_0" ------------------------ User login: bz1334582_0 First name: f Last name: l Full name: f l Display name: f l Initials: fl Home directory: /home/bz1334582_0 GECOS: f l Login shell: /bin/sh Principal name: bz1334582_0 Principal alias: bz1334582_0 Email address: bz1334582_0 UID: 635200004 GID: 635200004 Password: False Member of groups: ipausers Kerberos keys available: False [root@vm1 ~]# openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout bz1334582_0.key -out bz1334582_0.csr -subj "/CN=bz1334582_0" Generating a 2048 bit RSA private key ...................................................................................................+++ ..................+++ writing new private key to 'bz1334582_0.key' ----- [root@vm1 ~]# ipa cert-request bz1334582_0.csr --principal bz1334582_0 Issuing CA: ipa Certificate: MIIECTCCAvGgAwIBAgIBDTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFNUExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDkxOTIzMzE1NFoXDTE4MDkyMDIzMzE1NFowLDEUMBIGA1UECgwLRVhBTVBMRS5DT00xFDASBgNVBAMMC2J6MTMzNDU4Ml8wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1A0YPBgDqV4HPQY/NCEZKqITgfo3J8aNarLXcwpPeLQV6BYbXcgWeQANwpaLgP9A9jRhZEXBqR3v6/5KhKpmavYVoYA1CVGMcI5zs1x12h+rArN/9yTGbguhnIi9q77/K3d3IXi9gjZUQiyC0+sYTU682Gnuam03R8aa+uOLm+wVHGIGKRpsSuxjQuXGKT85580afLf45E8NaoLJ+6LEJrGwbc9Og4htMZBxnKuk2yVJl6b4wETHQGSML5j5On8pb/gPfr8hFsLMlSbpS4x5XioxWd/rrjlIV+1P8npH0HwVv9dQ422vQhg8i6hBBm7BXds3VkE9yEb/VTXLFCKu3wIDAQABo4IBKjCCASYwHwYDVR0jBBgwFoAUDB7zjSoaGVF+EcB3gNSlLOHpKyMwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BgNVHR8EbzBtMGugM6Axhi9odHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQUct6f6YC/e3ZBdo07dv2clblgwiswDQYJKoZIhvcNAQELBQADggEBABnVgCbSaBfbEBsaZVZV5kcAXLlNcjRZwUOB98txTfh8E05sr4ZBgskiO0qbcpogeveMjTGWpATc5uVRas9QHBugXQvOluIfE6Y7N0xGPTBd8zPTMuHzzPIDzQuWPZmdS7M2N0ynOz4Voz6jYw06t1RdbAT2CaYc8swVS2qR9IgEQL6So1GYRCGn9oziDQunPiP5gCephcLsd/7CQ5EAEz9mFJiCebGDheR7RCMmYHr+8jfzJgv4XBaflZreCBp3cQcnjRSiBDV2Euo40Ai+1O5m+6tVVaRYuTwuK1MT2iyfWV6+puAIDcNwQ6EXtgnbj5i1ETYhLEkU7wrSqnuMqdk= Subject: CN=bz1334582_0,O=EXAMPLE.COM Issuer: CN=Certificate Authority,O=EXAMPLE.COM Not Before: Mon Sep 19 23:31:54 2016 UTC Not After: Thu Sep 20 23:31:54 2018 UTC Fingerprint (MD5): 5e:de:ef:b7:93:c5:48:e6:70:5e:20:ed:43:69:cf:55 Fingerprint (SHA1): 0e:25:e0:1d:9e:fe:12:cc:a2:86:fe:3e:17:d2:60:f2:1e:e7:4e:aa Serial number: 13 Serial number (hex): 0xD ### TC_1: Remove hold not active if cert not revoked # Go to WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == 13 (certificate for user bz1334582_0) == Certificate: 13 == Actions Remove hold is inactive (grayed out) ### TC_2: Remove hold option available if revocation reason is 6 # Back to Master CLI [root@vm1 ~]# ipa cert-revoke --revocation-reason=6 13 Revoked: True # WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == Refresh 13 (now shows revoked) == Certificate: 13 == Action (still showed remove hold inactive) refresh browser Actions Remove hold is now active ( Click ) == Remove Certificate Hold == Remove hold == Certificate: 13 == Actions Remove hold is inactive (grayed out) # Back to Master CLI ### TC_3: remove hold not active for other revocation reason [root@vm1 ~]# ipa cert-revoke --revocation-reason=0 13 Revoked: True # WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == Refresh 13 (now shows revoked) == Certificate: 13 == Action (still showed remove hold inactive) refresh button Actions Remove hold is not active ^^^^ In all cases above WebUI did use label "Revoke Hold" for the Action menu option. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |