Bug 480714
Summary: | Renewal: Revoked expired cert which is in the renew grace period is renewed. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Asha Akkiangady <aakkiang> | ||||
Component: | Certificate Manager | Assignee: | Ade Lee <alee> | ||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | alee, awnuk, benl, cfu | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-07-22 23:31:17 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 443788 | ||||||
Attachments: |
|
Description
Asha Akkiangady
2009-01-20 00:56:14 UTC
Please supply profile that you tested with. Renewal grace period works with the following parameters: policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default Yes, the renewal grace period has the default values. policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default Created attachment 345953 [details]
patch to fix
cfu, please review
one line change to take into account expired-revoked certs!
cfu+ [builder@oliver base]$ svn ci -m "Bugzilla Bug #480714 and #481659 - renewal fixes for expired_revoked certs and prevent key archival for renewals" common/ Sending common/src/com/netscape/cms/profile/common/CAEnrollProfile.java Sending common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java Transmitting file data .. Committed revision 503. [builder@oliver base]$ cd ../dogtag/ [builder@oliver dogtag]$ svn ci -m "Bugzilla Bug #480714 and #481659 - renewal fixes for expired_revoked certs and prevent key archival for renewals" common/ Sending common/pki-common.spec Transmitting file data . Committed revision 504. Verified. When tried to renew a revoked-expired cert which is in the renewal grace period getting the error message: Sorry, your request is not submitted. The reason is "Certificate serial number 29 to be renewed is revoked. Cannot renew a revoked certificate". |