Bug 805200

Summary: [RFE] ipa cert-show retrieve certificate by other than serial number
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: jcholast, jgalipea, mkosek, nsoman, pvoborni
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.2.1-1.el7 Doc Type: Enhancement
Doc Text:
Feature: Add new cert-find command for finding certificates. Reason: Allow querying certificates based on various criteria beyond serial numbers. Result (if any): Certificates can be queried based on serial number range, subject name, validity period, revocation status and issue date.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:12:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2012-03-20 16:33:50 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2528

Currently, ipa cert-show allow one to retrieve any signed certificate by the serial number. While this works, it is rather inconvenient. It would be nice if it could retrieve certificate by subject.
Comment 2 Rob Crittenden 2013-02-19 16:55:28 UTC 
CLI interface added upstream, cert-find

master: 462beacc9d13968128fa320d155016df2d72a20a

ipa-3-1: e5ab5ebb79785262606821452f04e5c019d40c02

The UI piece is being handled in https://fedorahosted.org/freeipa/ticket/3419
Comment 3 Petr Vobornik 2013-03-18 14:26:19 UTC 
Web UI:
master:
 * 8d369519116cb1f257304d79d13e63188fc7d978 Web UI:Choose different search option for cert-find
 * 070fc176aecc3c7661cdb085b157d2d4c653fc46 Web UI:Certificate pages 

ipa-3-1:
 * 02e315f85994205257149b07cc870b30793d6921 Web UI:Choose different search option for cert-find
 * 17266e99274ea6dfe8cb3f8a001f17d019e5e4df Web UI:Certificate pages
Comment 6 Namita Soman 2013-12-12 19:37:02 UTC 
Verified using ipa-server-3.3.3-4.

Short version of the output from automated tests:
:: [   PASS   ]   cert_find_001: Positive and Negative tests of Serial number find min BZ805200
:: [   PASS   ]   cert_find_002: Positive and Negative tests of Serial number find max BZ805200
:: [   PASS   ]   cert_find_005: Positive and Negative tests of Serial number find by valid not after BZ805200
:: [   PASS   ]   cert_find_006: Positive and Negative tests of Serial number find by valid not before BZ805200
:: [   PASS   ]   cert_find_003: Positive and Negative tests of Serial number find by subject BZ805200
:: [   PASS   ]   cert_find_004: Positive and Negative tests of Serial number find by issued-on and issued-to BZ805200
:: [   PASS   ]   cert_find_007: Positive and Negative tests of Serial number find min and max BZ805200

Verified using UI as well.
Comment 7 Ludek Smid 2014-06-13 12:12:45 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.