Bug 727282

Summary: [ipa webui] Can not get or view host certificate - Regression
Product: Red Hat Enterprise Linux 6 Reporter: Jenny Severance <jgalipea>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.1CC: benl, dpal, nsoman
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.1.0-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Trying to view the certificate of a host would return the error "unknown command u'show'" Consequence: User would have to use the command-line to view host certificates. Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name. Result: Viewing certificates works.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 18:29:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
error message none

Description Jenny Severance 2011-08-01 18:01:43 UTC 
Created attachment 516187 [details]
error message

Description of problem:
After updated to the latest good ipa build.  Can no longer Get or View a host's certificate.  Clicking on either of these buttons results in error "unknown command u'show'".  See attached screen shot.

I am able to run this from the command-line,

Show host to get serial number :

# ipa host-show --all myhost.qe.lab.ipa
  dn: fqdn=myhost.qe.lab.ipa,cn=computers,cn=accounts,dc=qe,dc=lab,dc=ipa
  Host name: myhost.qe.lab.ipa
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5MQUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAxMTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRowGAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WVChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZDMwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCBiTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8NRos6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCVYACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVGaL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Principal name: host/myhost.qe.lab.ipa.IPA
  Keytab: False
  Managed by: myhost.qe.lab.ipa
  Managing: myhost.qe.lab.ipa
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Serial Number: 68
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  cn: myhost.qe.lab.ipa
  ipauniqueid: 2a54cdc6-bc67-11e0-bb7c-0015172f2b30
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top
  serverhostname: myhost


show the certificate ...

# ipa cert-show 68
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5M
QUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAx
MTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRow
GAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WV
ChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZD
MwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCB
iTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT
75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8N
Ros6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk
8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCV
YACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVG
aL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  Serial number: 68


Version-Release number of selected component (if applicable):
Name        : ipa-server                   Relocations: (not relocatable)
Version     : 2.0.99                            Vendor: (none)
Release     : 5.20110729T0519zgit51cd0c9.el6   Build Date: Fri 29 Jul 2011 01:32:08 AM EDT
Install Date: Fri 29 Jul 2011 04:53:56 PM EDT      Build Host: goofy-vm16.dsdev.sjc.redhat.com
Group       : System Environment/Base       Source RPM: ipa-2.0.99-5.20110729T0519zgit51cd0c9.el6.src.rpm
Size        : 3261447                          License: GPLv3+
Signature   : (none)
URL         : http://www.freeipa.org/
Summary     : The IPA authentication server
Description :
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).


How reproducible:


Steps to Reproduce:
1. generate a host CSR (I used certutil)
2. add a new ipa host
3. submit the CSR for signing
4. edit the host and try to view or get the host's certificate
  
Actual results:


Expected results:


Additional info:
Comment 2 Rob Crittenden 2011-08-02 12:49:32 UTC 
https://fedorahosted.org/freeipa/ticket/1556
Comment 3 Rob Crittenden 2011-08-16 13:53:38 UTC 
master: 4c9359ab625c700f150cfd8191e7181542089633
Comment 5 Rob Crittenden 2011-11-01 01:06:27 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Trying to view the certificate of a host would return the error "unknown command u'show'"
Consequence: User would have to use the command-line to view host certificates.
Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name.
Result: Viewing certificates works.
Comment 6 Namita Soman 2011-11-05 20:19:10 UTC 
Verified using ipa-server-2.1.3-8.el6.x86_64
Can issue, get and view cert for host
Comment 7 errata-xmlrpc 2011-12-06 18:29:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html