Bug 1478154
Summary: | getcert (ipa-getcert) ignores -X | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael Voetter <mikevo> |
Component: | certmonger | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 26 | CC: | abokovoy, ftweedal, ipa-maint, jcholast, jhrozek, mharmsen, nalin, pvoborni, rcritten, ssorce, tkrizek |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | certmonger-0.79.4-1.fc26 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-31 15:55:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael Voetter
2017-08-03 18:26:02 UTC
I've duplicated this in a Fedora-26 system running against an IdM install on RHEL 7.4 (ipa-server-4.5.0-21.el7.x86_64) On the 7.4 server itself I created a new sub-ca named vpn with the subject CN=VPN. I requested a cert similar to the reporter, just using the standard profile: ipa-getcert request -r -f /etc/pki/tls/certs/`hostname`.crt -k /etc/pki/tls/private/`hostname`.key -N CN=`hostname` -D `hostname` -K host/`hostname` -T caIPAserviceCert -X vpn And the subject is correct. I did the same in an enrolled Fedora 26 client and the subject is from the primary CA. The problem is: [Fri Aug 04 16:13:28.812095 2017] [:error] [pid 14347] ipa: INFO: exception OptionError caught when converting options: Unknown option: ca The correct option is cacn. AFAICT he problem has been in certmonger since the introduction of the feature with commit 20a6536febf0815d0b3d301133820a46fdd6ef21 A patch that fixes this is in RHEL but apparently was never merged upstream. Fixed upstream: https://pagure.io/certmonger/c/e3fb587c5911efbef1d1bb8738f109886a8a11a4?branch=master Submitted to updates-testing, https://bodhi.fedoraproject.org/updates/certmonger-0.79.4-1.fc26 |