Bug 1129537 - CA not saved to specified nss db location
Summary: CA not saved to specified nss db location
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: certmonger
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Nalin Dahyabhai
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-08-13 06:16 UTC by Kaleem
Modified: 2014-10-14 07:12 UTC

Fixed In Version: certmonger-0.75.13-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-14 07:12:53 UTC



Links
System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2014:1512 | normal | SHIPPED_LIVE | certmonger bug fix and enhancement update | 2014-10-14 01:22:25 UTC

Description Kaleem 2014-08-13 06:16:47 UTC
Description of problem:
While requesting a certificate with the option to fetch the CA and save it to a specified nss db, I observed that the requested certificate is saved to the specified nss db but the CA cert is not.

Version-Release number of selected component (if applicable):
[root@rhel66-master ~]# rpm -q certmonger
certmonger-0.75.10-1.el6.x86_64
[root@rhel66-master ~]#

How reproducible:
Always

Steps to Reproduce:
1. Request a cert along with option to fetch CA and save it to specified nss db

[root@rhel66-master ~]# ipa-getcert request -w -v -d /tmp/certs/ -n test -a /tmp/certs/
New signing request "20140811085502" added.
State NEWLY_ADDED_READING_KEYINFO, stuck: no.
State GENERATING_KEY_PAIR, stuck: no.
State GENERATING_CSR, stuck: no.
State SUBMITTING, stuck: no.
State SAVING_CERT, stuck: no.
State MONITORING, stuck: no.
[root@rhel66-master ~]#

[root@rhel66-master certs]# certutil -L -d .

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

test                                                         u,u,u
[root@rhel66-master certs]# 

Actual results:
NO CA cert saved to specified nss db location

Expected results:
CA cert should be saved to specified nss db location

Comment 2 Nalin Dahyabhai 2014-08-18 15:28:31 UTC
getcert was erroneously ignoring storage locations which weren't specified with a storage scheme (a "dbm:" or "sql:" prefix).

Comment 5 Kaleem 2014-08-19 04:00:39 UTC
Verified.

certmonger version:
===================
[root@rhel66-master certs]# rpm -q certmonger
certmonger-0.75.13-1.el6.x86_64
[root@rhel66-master certs]#

[root@rhel66-master ~]# ipa-getcert request -w -v -d /tmp/certs/ -n test -a /tmp/certs/
New signing request "20140819035038" added.
State NEWLY_ADDED_READING_KEYINFO, stuck: no.
State GENERATING_KEY_PAIR, stuck: no.
State GENERATING_CSR, stuck: no.
State SUBMITTING, stuck: no.
State READING_CERT, stuck: no.
State MONITORING, stuck: no.
[root@rhel66-master ~]# ipa-getcert list -i 20140819035038
Number of certificates and requests being tracked: 10.
Request ID '20140819035038':
	status: MONITORING
	stuck: no
	key pair storage: type=NSSDB,location='/tmp/certs',nickname='test',token='NSS Certificate DB'
	certificate: type=NSSDB,location='/tmp/certs',nickname='test',token='NSS Certificate DB'
	CA: IPA
	issuer: CN=Certificate Authority,O=TESTRELM.TEST
	subject: CN=rhel66-master.testrelm.test,O=TESTRELM.TEST
	expires: 2016-08-19 03:50:40 UTC
	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command: 
	post-save command: 
	track: yes
	auto-renew: yes
[root@rhel66-master ~]# cd /tmp/certs/
[root@rhel66-master certs]# certutil -L -d .

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

test                                                         u,u,u
TESTRELM.TEST IPA CA                                         CT,C,C
[root@rhel66-master certs]#
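
A scripted form of the check performed in Comment 5, added here as an example; it is not part of the bug report or of certmonger. It parses `certutil -L` listing text and reports whether any entry carries CA trust; the function names are hypothetical, and the two sample listings are copied from the outputs in this report.

```shell
#!/bin/sh
# Added example, not certmonger code. Reads `certutil -L` listing text.

# Print nicknames whose SSL trust field (first of three) contains "C",
# the NSS flag for a trusted CA.
list_ca_nicknames() {
    awk '
        /^Certificate Nickname/ || NF < 2 { next }   # header and blank lines
        {
            trust = $NF                              # e.g. "CT,C,C" or "u,u,u"
            if (trust !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) next
            split(trust, t, ",")
            if (t[1] ~ /C/) {
                sub(/[ \t]+[^ \t]+[ \t]*$/, "")      # drop the trust column
                print
            }
        }'
}

# Succeed only if the listing on stdin contains at least one trusted CA.
has_ca_cert() {
    [ -n "$(list_ca_nicknames)" ]
}

# Listings copied from the report: before the fix and after it.
sample_before() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

test                                                         u,u,u
EOF
}
sample_after() {
    sample_before
    echo 'TESTRELM.TEST IPA CA                                         CT,C,C'
}

# Live use (assumes certutil is installed): certutil -L -d /tmp/certs | has_ca_cert
for listing in sample_before sample_after; do
    if "$listing" | has_ca_cert; then
        echo "$listing: CA certificate present"
    else
        echo "$listing: CA certificate missing"
    fi
done
```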

Comment 6 errata-xmlrpc 2014-10-14 07:12:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1512.html
