|Summary:||getcert request command fails to use Sub CA using -X argument|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Abhijeet Kasurde <akasurde>|
|Component:||certmonger||Assignee:||Jan Cholasta <jcholast>|
|Status:||CLOSED ERRATA||QA Contact:||Kaleem <ksiddiqu>|
|Severity:||unspecified||Docs Contact:||Aneta Šteflová Petrová <apetrova>|
|Version:||7.3||CC:||dkupka, jcholast, mkolaja, mkosek, nalin|
|Fixed In Version:||certmonger-0.78.4-3.el7||Doc Type:||Bug Fix|
*certmonger* no longer fails to request certificates from IdM sub-CAs The *certmonger* service previously used incorrect API calls to request certificates from IdM sub-Certificate Authorities (sub-CAs). As a consequence, the sub-CA setting was ignored and the certificate was always issued by the IdM root CA. This update fixes the bug, and *certmonger* now requests certificates from IdM sub-CAs as expected.
|Last Closed:||2016-11-04 07:50:59 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Abhijeet Kasurde 2016-08-17 08:45:31 UTC
Description of problem: When ipa-getcert request is triggered with Sub CA using -X argument, then command fails to issue certificate with Sub-CA as issuer. See console.log for steps involved. Version-Release number of selected component (if applicable): ipa-server-4.4.0-7.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. ipa ca-add 2. ipa-getcert request -k /samplereq1.key -f /samplereq1.crt -X SampleCA1 3. View issued certificate for issuer name 4. View ipa-getcert list -i <request_id> for issuer name Actual results: Issuer Name in certificate issued is set to default IPA CA instead of Sub CA Expected results: Issuer Name in certificate issued should be set to Sub CA Additional info: As per IRC chat with jcholast, https://git.fedorahosted.org/cgit/certmonger.git/tree/src/ipa.c#n384 - here it should say "cacn" instead of "ca"
Comment 1 Abhijeet Kasurde 2016-08-17 08:46:02 UTC
Certmonger version used :: certmonger-0.78.4-2.el7.x86_64
Comment 8 Jan Cholasta 2016-09-06 08:35:58 UTC
Comment 10 Abhijeet Kasurde 2016-09-20 06:19:02 UTC
Verified using IPA and Certmonger version :: ipa-server-4.4.0-12.el7.x86_64 certmonger-0.78.4-3.el7.x86_64 Marking BZ as verified.
Comment 11 Abhijeet Kasurde 2016-09-20 06:19:31 UTC
Created attachment 1202711 [details] console.log
Comment 15 errata-xmlrpc 2016-11-04 07:50:59 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2519.html