Bug 1549585

Summary: Document owner and permission parameters to getcert
Product: Red Hat Enterprise Linux 7
Reporter: Johan Swensson <jswensso>
Component: certmonger
Assignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA
QA Contact: ipa-qe <ipa-qe>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.4
CC: myusuf, nalin, ndehadra, pvoborni
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: certmonger-0.78.4-12.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-03-31 19:44:23 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Johan Swensson 2018-02-27 13:16:24 UTC
Description of problem:
The following parameters are not documented in getcert request --help

{"key-owner", 'o', POPT_ARG_STRING, NULL, 'o', _("owner information for private key"), HELP_TYPE_USER},
{"key-perms", 'm', POPT_ARG_STRING, NULL, 'm', _("file permissions for private key"), HELP_TYPE_MODE},
{"cert-owner", 'O', POPT_ARG_STRING, NULL, 'O', _("owner information for certificate"), HELP_TYPE_USER},
{"cert-perms", 'M', POPT_ARG_STRING, NULL, 'M', _("file permissions for certificate"), HELP_TYPE_MODE},


Version-Release number of selected component (if applicable):
certmonger-0.78.4-3

How reproducible:
getcert request --help or ipa-getcert request --help

Steps to Reproduce:
1. getcert request --help or ipa-getcert request --help
2.
3.

Actual results:
Neither the help nor the man pages mention the parameters.

Expected results:
Help and man pages should mention all available parameters.

Comment 5 Mohammad Rizwan 2019-12-06 10:47:44 UTC
version:
certmonger-0.78.4-12.el7.x86_64


[root@master ~]# ipa-getcert request --help
ipa-getcert - client certificate enrollment tool

Usage: ipa-getcert request [options]

Required arguments:
* If using an NSS database for storage:
  -d DIR	NSS database for key and cert
  -n NAME	nickname for NSS-based storage (only valid with -d)
  -t NAME	optional token name for NSS-based storage (only valid with -d)
* If using files for storage:
  -k FILE	PEM file for private key
  -f FILE	PEM file for certificate (only valid with -k)
* If keys are to be encrypted:
  -p FILE	file which holds the encryption PIN
  -P PIN	PIN value

Optional arguments:
* Certificate handling settings:
  -I NAME	nickname to assign to the request
  -G TYPE	type of key to be generated if one is not already in place
  -g SIZE	size of key to be generated if one is not already in place
  -r		attempt to renew the certificate when expiration nears (default)
  -R		don't attempt to renew the certificate when expiration nears
  -T PROFILE	ask the CA to process the request using the named profile or template
  --ms-template-spec SPEC
	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])
  -X ISSUER	ask the CA to process the request using the named issuer
* Parameters for the signing request:
  -N NAME	set requested subject name (default: CN=<hostname>)
  -U EXTUSAGE	set requested extended key usage OID
  -u KEYUSAGE	set requested key usage value
  -K NAME	set requested principal name
  -D DNSNAME	set requested DNS name
  -E EMAIL	set requested email address
  -A ADDRESS	set requested IP address
  -l FILE	file which holds an optional challenge password
  -L PASSWORD	an optional challenge password value
* Bus options:
  -S		connect to the certmonger service on the system bus
  -s		connect to the certmonger service on the session bus
* Other options:
  -B	command to run before saving the certificate
  -C	command to run after saving the certificate
  -F	file in which to store the CA's certificates
  -a	NSS database in which to store the CA's certificates
  -w	try to wait for the certificate to be issued
  -v	report all details of errors
  -o OWNER	owner information for private key
  -m MODE	file permissions for private key
  -O OWNER	owner information for certificate
  -M MODE	file permissions for certificate



[root@master ~]# getcert request --help
getcert - client certificate enrollment tool

Usage: getcert request [options]

Required arguments:
* If using an NSS database for storage:
  -d DIR	NSS database for key and cert
  -n NAME	nickname for NSS-based storage (only valid with -d)
  -t NAME	optional token name for NSS-based storage (only valid with -d)
* If using files for storage:
  -k FILE	PEM file for private key
  -f FILE	PEM file for certificate (only valid with -k)
* If keys are to be encrypted:
  -p FILE	file which holds the encryption PIN
  -P PIN	PIN value

Optional arguments:
* Certificate handling settings:
  -I NAME	nickname to assign to the request
  -G TYPE	type of key to be generated if one is not already in place
  -g SIZE	size of key to be generated if one is not already in place
  -r		attempt to renew the certificate when expiration nears (default)
  -R		don't attempt to renew the certificate when expiration nears
  -c CA		use the specified CA rather than the default
  -T PROFILE	ask the CA to process the request using the named profile or template
  --ms-template-spec SPEC
	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])
  -X ISSUER	ask the CA to process the request using the named issuer
* Parameters for the signing request:
  -N NAME	set requested subject name (default: CN=<hostname>)
  -U EXTUSAGE	set requested extended key usage OID
  -u KEYUSAGE	set requested key usage value
  -K NAME	set requested principal name
  -D DNSNAME	set requested DNS name
  -E EMAIL	set requested email address
  -A ADDRESS	set requested IP address
  -l FILE	file which holds an optional challenge password
  -L PASSWORD	an optional challenge password value
* Bus options:
  -S		connect to the certmonger service on the system bus
  -s		connect to the certmonger service on the session bus
* Other options:
  -B	command to run before saving the certificate
  -C	command to run after saving the certificate
  -F	file in which to store the CA's certificates
  -a	NSS database in which to store the CA's certificates
  -w	try to wait for the certificate to be issued
  -v	report all details of errors
  -o OWNER	owner information for private key
  -m MODE	file permissions for private key
  -O OWNER	owner information for certificate
  -M MODE	file permissions for certificate

Parameters can be seen in the help menu. Hence marking as verified.

Comment 7 errata-xmlrpc 2020-03-31 19:44:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1052
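
An added example, not part of the bug report or of certmonger: a post-issuance audit for the -o/-m/-O/-M options shown in the help output above. It assumes GNU stat, that OWNER was given as a plain user name, and that the function names and file paths are the administrator's own choices.

```shell
#!/bin/sh
# Audit the files written by a request such as (flags as listed in the help output):
#   getcert request -k KEY -f CERT -o OWNER -m MODE -O OWNER -M MODE
# KEY, CERT, OWNER and MODE are whatever was passed on that command line.

# check_file PATH EXPECTED_OWNER EXPECTED_MODE
# Returns 0 when the file's owner and mode match what was requested.
check_file() {
    cf_path=$1; cf_owner=$2; cf_mode=$3
    [ -f "$cf_path" ] || { echo "MISSING $cf_path"; return 1; }
    cf_got_owner=$(stat -c '%U' "$cf_path")
    cf_got_mode=$(stat -c '%a' "$cf_path")
    # A leading 0 makes both values octal constants, so "600" and "0600" compare equal.
    if [ "$cf_got_owner" != "$cf_owner" ] ||
       [ $((0$cf_got_mode)) -ne $((0$cf_mode)) ]; then
        echo "MISMATCH $cf_path: owner=$cf_got_owner mode=$cf_got_mode" \
             "(requested $cf_owner $cf_mode)"
        return 1
    fi
    echo "OK $cf_path owner=$cf_got_owner mode=$cf_got_mode"
}

# key_is_private PATH
# Independent of the requested MODE: returns 0 only when the private key
# grants no permission bits at all to group or other.
key_is_private() {
    kp_mode=$(stat -c '%a' "$1") || return 1
    [ $((0$kp_mode & 077)) -eq 0 ]
}

# audit_pair KEY KEY_OWNER KEY_MODE CERT CERT_OWNER CERT_MODE
# Runs every check (no short-circuit) and returns non-zero if any failed.
audit_pair() {
    ap_rc=0
    check_file "$1" "$2" "$3" || ap_rc=1
    check_file "$4" "$5" "$6" || ap_rc=1
    key_is_private "$1" || { echo "EXPOSED $1 is accessible beyond its owner"; ap_rc=1; }
    return $ap_rc
}
```

A request made with `-m 0640` passes `check_file` for the key but still fails `key_is_private`, which is the case to review by hand.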