Bug 1371479

Summary: cert-find --all does not show information about revocation
Product: Red Hat Enterprise Linux 7 Reporter: Martin Bašti <mbasti>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Ganna Kaihorodova <gkaihoro>
Severity: unspecified Docs Contact: Aneta Šteflová Petrová <apetrova>
Priority: high    
Version: 7.3CC: apetrova, ipa-qe, jcholast, jhrozek, jreznik, mkolaja, nsoman, ppicka, pvoborni, pvomacka, rcritten, spoore, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: ipa-4.4.0-13.el7 Doc Type: Known Issue
Doc Text:
The IdM web UI does not correctly recognize the status of a revoked certificate The Identity Management (IdM) web UI is currently unable to determine whether a certificate has been revoked. As a consequence: * The `Revoked` sign is not displayed when viewing the certificate from the user, service, or host details page. * The `Revoke` action is still available from the details page. Attempting to revoke an already revoked certificate results in an error dialog. * The `Remove Hold` button is always disabled even if the certificate has been revoked because of Certificate Hold (revocation reason 6).
Story Points: ---
Clone Of:
: 1389252 (view as bug list) Environment:
Last Closed: 2017-08-01 09:39:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1389252    
Description Flags
Verification for bug "cert-find --all does not show information about revocation"
verification screenshot for webUI part of the bug
verification screenshot #2 for webUI part of the bug none

Description Martin Bašti 2016-08-30 10:04:01 UTC
This bug is created as a clone of upstream ticket:


Cert-find with --all option stopped to show information whether certificate is revoked and the reason of revocation. Affects CLI and API. 

These information are needed to correctly disable and enable Revoke and Remove Hold buttons on user/service/host details pages in WebUI.

Comment 1 Martin Bašti 2016-08-30 10:05:10 UTC
Fixed upstream

Comment 5 Scott Poore 2016-09-16 16:47:44 UTC
I see revoked but, I don't see a reason.

This user was revoked with reason 6 (certificateHold)

[root@master ~]# ipa cert-find --all --subject="certuser6"
1 certificate matched
  Subject: CN=certuser6,O=IPA.TEST
  Issuer: CN=Certificate Authority,O=IPA.TEST
  Not Before: Fri Sep 16 16:34:40 2016 UTC
  Not After: Mon Sep 17 16:34:40 2018 UTC
  Fingerprint (MD5): 54:99:de:e6:ae:ad:17:fc:0f:e2:98:d9:f2:8a:70:f4
  Fingerprint (SHA1): 61:41:b9:01:57:e2:d4:7c:f5:bd:af:1d:12:06:b1:9c:83:d1:85:8b
  Serial number: 33
  Serial number (hex): 0x21
  Status: REVOKED
  Revoked: True
  Owner user: certuser6
Number of entries returned 1

I can remove the hold:

[root@master ~]#  ipa cert-remove-hold 33
  Unrevoked: True

But I cannot tell from cert-find what the reason is.  From the initial bug description that should be added as well, right?

Comment 6 Scott Poore 2016-09-19 13:30:20 UTC

Can you help with this?  This should be showing the reason too right?


Comment 7 Petr Vobornik 2016-09-19 15:01:13 UTC
Pavel, the original bug description talks about revocation reason, but the fix doesn't touch it. Was this bug about it?

Comment 8 Pavel Vomacka 2016-09-19 15:05:22 UTC
Yes, it was about the information whether bug is revoked and if it is then what is the reason. The revocation reason is needed.

Comment 9 Scott Poore 2016-09-19 18:33:54 UTC
Moving back to assigned since it does look like revocation reason should be listed.

Comment 22 Ganna Kaihorodova 2017-05-17 13:45:37 UTC
Created attachment 1279694 [details]
Verification for bug "cert-find --all does not show information about revocation"

Comment 23 Ganna Kaihorodova 2017-05-17 13:48:01 UTC
Created attachment 1279695 [details]
verification screenshot for webUI part of the bug

Comment 24 Ganna Kaihorodova 2017-05-17 13:49:26 UTC
Created attachment 1279696 [details]
verification screenshot #2 for webUI part of the bug

Comment 25 errata-xmlrpc 2017-08-01 09:39:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.